aspnetcore/fundamentals/servers/yarp/transforms-response.md
All response headers and trailers are copied from the proxied response to the outgoing client response by default. Response and response trailer transforms may specify if they should be applied only for successful responses or for all responses.
In code these are implemented as derivations of the abstract classes ResponseTransform and ResponseTrailersTransform.
Sets whether destination response headers are copied to the client
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseHeadersCopy | true/false | true | yes |
Config:
{ "ResponseHeadersCopy": "false" }
Code:
routeConfig = routeConfig.WithTransformCopyResponseHeaders(copy: false);
transformBuilderContext.CopyResponseHeaders = false;
This sets if all proxy response headers are copied to the client response. This setting is enabled by default and can be disabled by configuring the transform with a false value. Transforms that reference specific headers will still be run if this is disabled.
Adds or replaces response headers
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseHeader | The header name | (none) | yes |
| Set/Append | The header value | (none) | yes |
| When | Success/Always/Failure | Success | no |
Config:
{
"ResponseHeader": "HeaderName",
"Append": "value",
"When": "Success"
}
Code:
routeConfig = routeConfig.WithTransformResponseHeader(
headerName: "HeaderName", value: "value", append: true, ResponseCondition.Success);
transformBuilderContext.AddResponseHeader(
headerName: "HeaderName", value: "value", append: true, always: ResponseCondition.Success);
Example:
HeaderName: value
This sets or appends the value for the named response header. Set replaces any existing header. Append adds an additional header with the given value. Note: setting "" as a header value is not recommended and can cause an undefined behavior.
When specifies if the response header should be included for all, successful, or failure responses. Any response with a status code less than 400 is considered a success.
Removes response headers
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseHeaderRemove | The header name | (none) | yes |
| When | Success/Always/Failure | Success | no |
Config:
{
"ResponseHeaderRemove": "HeaderName",
"When": "Success"
}
Code:
routeConfig = routeConfig.WithTransformResponseHeaderRemove(
headerName: "HeaderName", ResponseCondition.Success);
transformBuilderContext.AddResponseHeaderRemove(
headerName: "HeaderName", ResponseCondition.Success);
Example:
HeaderName: value
AnotherHeader: another-value
This removes the named response header.
When specifies if the response header should be removed for all, successful, or failure responses. Any response with a status code less than 400 is considered a success.
| Key | Value | Required |
|---|---|---|
| ResponseHeadersAllowed | A semicolon separated list of allowed header names. | yes |
Config:
{
"ResponseHeadersAllowed": "Header1;header2"
}
Code:
routeConfig = routeConfig.WithTransformResponseHeadersAllowed("Header1", "header2");
transformBuilderContext.AddResponseHeadersAllowed("Header1", "header2");
YARP copies most response headers from the proxy response by default (see ResponseHeadersCopy). Some security models only allow specific headers to be proxied. This transform disables ResponseHeadersCopy and only copies the given headers. Other transforms that modify or append to existing headers may be affected if not included in the allow list.
Note that there are some headers YARP does not copy by default since they are connection specific or otherwise security sensitive (e.g. Connection, Alt-Svc). Putting those header names in the allow list will bypass that restriction but is strongly discouraged as it may negatively affect the functionality of the proxy or cause security vulnerabilities.
Example:
Header1: value1
Header2: value2
AnotherHeader: AnotherValue
Only header1 and header2 are copied from the proxy response.
Sets whether destination trailing response headers are copied to the client
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseTrailersCopy | true/false | true | yes |
Config:
{ "ResponseTrailersCopy": "false" }
Code:
routeConfig = routeConfig.WithTransformCopyResponseTrailers(copy: false);
transformBuilderContext.CopyResponseTrailers = false;
This sets if all proxy response trailers are copied to the client response. This setting is enabled by default and can be disabled by configuring the transform with a false value. Transforms that reference specific headers will still be run if this is disabled.
Adds or replaces trailing response headers
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseTrailer | The header name | (none) | yes |
| Set/Append | The header value | (none) | yes |
| When | Success/Always/Failure | Success | no |
Config:
{
"ResponseTrailer": "HeaderName",
"Append": "value",
"When": "Success"
}
Code:
routeConfig = routeConfig.WithTransformResponseTrailer(
headerName: "HeaderName", value: "value", append: true, ResponseCondition.Success);
transformBuilderContext.AddResponseTrailer(
headerName: "HeaderName", value: "value", append: true, ResponseCondition.Success);
Example:
HeaderName: value
Response trailers are headers sent at the end of the response body. Support for trailers is uncommon in HTTP/1.1 implementations but is becoming common in HTTP/2 implementations. Check your client and server for support.
ResponseTrailer follows the same structure and guidance as ResponseHeader.
Removes trailing response headers
| Key | Value | Default | Required |
|---|---|---|---|
| ResponseTrailerRemove | The header name | (none) | yes |
| When | Success/Always/Failure | Success | no |
Config:
{
"ResponseTrailerRemove": "HeaderName",
"When": "Success"
}
Code:
routeConfig = routeConfig.WithTransformResponseTrailerRemove(headerName: "HeaderName", ResponseCondition.Success);
transformBuilderContext.AddResponseTrailerRemove(headerName: "HeaderName", ResponseCondition.Success);
Example:
HeaderName: value
AnotherHeader: another-value
This removes the named trailing header.
ResponseTrailerRemove follows the same structure and guidance as ResponseHeaderRemove.
| Key | Value | Required |
|---|---|---|
| ResponseTrailersAllowed | A semicolon separated list of allowed header names. | yes |
Config:
{
"ResponseTrailersAllowed": "Header1;header2"
}
Code:
routeConfig = routeConfig.WithTransformResponseTrailersAllowed("Header1", "header2");
transformBuilderContext.AddResponseTrailersAllowed("Header1", "header2");
YARP copies most response trailers from the proxy response by default (see ResponseTrailersCopy). Some security models only allow specific headers to be proxied. This transform disables ResponseTrailersCopy and only copies the given headers. Other transforms that modify or append to existing headers may be affected if not included in the allow list.
Note that there are some headers YARP does not copy by default since they are connection specific or otherwise security sensitive (e.g. Connection, Alt-Svc). Putting those header names in the allow list will bypass that restriction but is strongly discouraged as it may negatively affect the functionality of the proxy or cause security vulnerabilities.
Example:
Header1: value1
Header2: value2
AnotherHeader: AnotherValue
Only header1 and header2 are copied from the proxy response.