proxy: add per-route request headers setting (#346)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

internal/config/policy.go

@@ -66,14 +66,10 @@ type Policy struct {
 	TLSClientKeyFile  string `mapstructure:"tls_client_key_file" yaml:"tls_client_key_file"`
 	ClientCertificate *tls.Certificate
 
-	// IsForwardAuthEndpoint allows for a given route to be used as a forward-auth
-	// endpoint instead of a reverse proxy. Some third-party proxies that do not
-	// have rich access control capabilities (nginx, envoy, ambassador, traefik)
-	// allow you to delegate and authenticate each request to your website
-	// with an external server or service. Pomerium can be configured to accept
-	// these requests with this switch
-	// todo(bdd): link to docs
-	IsForwardAuthEndpoint bool
+	// SetRequestHeaders adds a collection of headers to the downstream request
+	// in the form of key value pairs. Note bene, this will overwrite the
+	// value of any existing value of a given header key.
+	SetRequestHeaders map[string]string `mapstructure:"set_request_headers" yaml:"set_request_headers"`
 }
 
 // Validate checks the validity of a policy.

internal/middleware/middleware.go

@@ -16,13 +16,13 @@ import (
 	"golang.org/x/net/publicsuffix"
 )
 
-// SetHeaders ensures that every response includes some basic security headers
-func SetHeaders(securityHeaders map[string]string) func(next http.Handler) http.Handler {
+// SetHeaders sets a map of response headers.
+func SetHeaders(headers map[string]string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			ctx, span := trace.StartSpan(r.Context(), "middleware.SetHeaders")
 			defer span.End()
-			for key, val := range securityHeaders {
+			for key, val := range headers {
 				w.Header().Set(key, val)
 			}
 			next.ServeHTTP(w, r.WithContext(ctx))