Common Configuration Options

Timeout

The following configuration options are supported:

  • read: Duration (optional)

    The amount of time allowed to read the full request including body. Defaults to 5 seconds.

  • write: Duration (optional)

    The maximum duration before timing out writes of the response. Defaults to 10 seconds.

  • idle: Duration (optional)

    The maximum amount of time to wait for the next request when keep-alive is enabled. If idle is 0, the value of the read timeout is used. Defaults to 2 minutes.

Example 1. Setting the read timeout to 1 second, the write timeout to 2 seconds and the idle timeout to 1 minute.
read: 1s
write: 2s
idle: 1m

Duration

Duration is a string type which adheres to the following pattern: ^[0-9]+(ns|us|ms|s|m|h)$, i.e. an unsigned integer followed by exactly one unit.

So with 10s you define a duration of 10 seconds and with 2h you define 2 hours. Composite values such as 1h30m and fractional values such as 1.5s do not match the pattern.
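The following Go program is an added example and not Heimdall's own code. It implements the Duration grammar above as a validator, applies the documented timeout defaults (5s, 10s, 2m) together with the rule that an idle value of 0 falls back to the read timeout, and wires the result into a net/http server, which is what the three timeouts ultimately protect: a client that sends its request slowly, never reads the response, or parks an idle keep-alive connection cannot tie up the server indefinitely. The type and function names (TimeoutConfig, ResolveTimeouts, NewServer) are the example's own.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"regexp"
	"strconv"
	"time"
)

// durationPattern is the documented grammar: an unsigned integer followed by
// exactly one unit. It is deliberately stricter than time.ParseDuration, which
// also accepts composites such as "1h30m", fractions such as "1.5s" and signs.
var durationPattern = regexp.MustCompile(`^([0-9]+)(ns|us|ms|s|m|h)$`)

var unitMultiplier = map[string]time.Duration{
	"ns": time.Nanosecond, "us": time.Microsecond, "ms": time.Millisecond,
	"s": time.Second, "m": time.Minute, "h": time.Hour,
}

// ParseDuration validates a Duration string against the pattern and converts it.
func ParseDuration(s string) (time.Duration, error) {
	m := durationPattern.FindStringSubmatch(s)
	if m == nil {
		return 0, fmt.Errorf("invalid duration %q: must match %s", s, durationPattern)
	}
	n, err := strconv.ParseInt(m[1], 10, 64)
	if err != nil {
		return 0, fmt.Errorf("invalid duration %q: %w", s, err)
	}
	unit := unitMultiplier[m[2]]
	if n > math.MaxInt64/int64(unit) { // would overflow time.Duration
		return 0, fmt.Errorf("invalid duration %q: too large", s)
	}
	return time.Duration(n) * unit, nil
}

// TimeoutConfig holds the raw read/write/idle values; "" means "not set".
type TimeoutConfig struct {
	Read, Write, Idle string
}

// Timeouts are the values actually applied to the server.
type Timeouts struct {
	Read, Write, Idle time.Duration
}

// ResolveTimeouts applies the documented defaults (5s, 10s, 2m) and the rule
// that an idle timeout of 0 falls back to the read timeout. (net/http applies
// the same fallback internally; it is made explicit here to mirror the docs.)
func ResolveTimeouts(cfg TimeoutConfig) (Timeouts, error) {
	t := Timeouts{Read: 5 * time.Second, Write: 10 * time.Second, Idle: 2 * time.Minute}
	for _, f := range []struct {
		raw string
		dst *time.Duration
	}{{cfg.Read, &t.Read}, {cfg.Write, &t.Write}, {cfg.Idle, &t.Idle}} {
		if f.raw == "" {
			continue
		}
		d, err := ParseDuration(f.raw)
		if err != nil {
			return Timeouts{}, err
		}
		*f.dst = d
	}
	if t.Idle == 0 {
		t.Idle = t.Read
	}
	return t, nil
}

// NewServer applies the resolved timeouts so that a client which sends its
// request slowly, never reads the response, or just holds a keep-alive
// connection open cannot occupy a connection indefinitely (slowloris-style).
func NewServer(addr string, handler http.Handler, t Timeouts) *http.Server {
	return &http.Server{
		Addr:         addr,
		Handler:      handler,
		ReadTimeout:  t.Read,
		WriteTimeout: t.Write,
		IdleTimeout:  t.Idle,
	}
}

func main() {
	t, err := ResolveTimeouts(TimeoutConfig{Read: "1s", Write: "2s", Idle: "1m"}) // values of Example 1
	if err != nil {
		panic(err)
	}
	srv := NewServer(":8080", http.NotFoundHandler(), t)
	fmt.Printf("read=%s write=%s idle=%s\n", srv.ReadTimeout, srv.WriteTimeout, srv.IdleTimeout)
}
```

Rejecting values the pattern does not cover at load time is the point of the strict regular expression: a value such as 1h30m that a looser parser would silently accept should instead fail configuration validation.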

CORS

CORS (Cross-Origin Resource Sharing) headers can be added and configured by making use of this option. CORS headers tell browsers which cross-origin callers may read responses and with which methods, headers and credentials, so the lists below should be kept as narrow as possible. If CORS headers are set, Heimdall does not pass preflight requests to its decision pipeline; instead the response is generated and sent back to the client directly. The following configuration options are supported:

  • allowed_origins: string array (optional)

    List of origins that may access the resource. If not set while any of the other CORS options is configured, all origins are allowed; this is a permissive default, so list the expected origins explicitly wherever possible.

  • allowed_methods: string array (optional)

    List of methods allowed when accessing the resource. This is used in the response to a preflight request. If not set while any of the other CORS options is configured, defaults to GET, POST, HEAD, PUT, DELETE and PATCH.

  • allowed_headers: string array (optional)

    List of request headers that can be used when making the actual request.

  • exposed_headers: string array (optional)

    Allow-list of response headers that client-side scripts are permitted to read; by default browsers only expose a small set of safe response headers to cross-origin callers.

  • allow_credentials: boolean (optional)

    Indicates whether the browser may expose the response to the calling page when the request was made with credentials (cookies, TLS client certificates or an Authorization header). When used as part of a response to a preflight request, this indicates whether the actual request can be made using credentials. If not set while any of the other CORS options is configured, defaults to false.

  • max_age: Duration (optional)

    Indicates how long browsers may cache the result of a preflight request. If not set while any of the other CORS options is configured, defaults to 0 seconds.

Example 2. Possible configuration
allowed_origins:
  - example.org
allowed_methods:
  - HEAD
  - PATCH
allow_credentials: true
max_age: 10s
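The preflight handling described above, as an added Go example rather than Heimdall's implementation: a middleware that answers preflight requests itself and never forwards them to the wrapped handler (which stands in for the decision pipeline), and that adds the response headers to actual cross-origin requests before forwarding them. Several details are the example's own assumptions: the page gives no default for allowed_headers, so an unset list is treated conservatively as "no custom request headers"; a rejected preflight is answered with 403 and no CORS headers; and when credentials are enabled the request's own origin is echoed instead of "*", because browsers refuse a wildcard origin on credentialed requests. Note that the Origin header a browser sends includes the scheme (https://example.org), so the configured origins in the usage below are full origins.

```go
package main

import (
	"net/http"
	"strconv"
	"strings"
	"time"
)

// CORSConfig mirrors the options documented above; an empty slice means "not set".
type CORSConfig struct {
	AllowedOrigins   []string
	AllowedMethods   []string
	AllowedHeaders   []string
	ExposedHeaders   []string
	AllowCredentials bool
	MaxAge           time.Duration
}

// defaultMethods is the documented fallback for allowed_methods.
var defaultMethods = []string{"GET", "POST", "HEAD", "PUT", "DELETE", "PATCH"}

func containsFold(list []string, s string) bool {
	for _, v := range list {
		if strings.EqualFold(v, s) {
			return true
		}
	}
	return false
}

// OriginAllowed implements the documented default: no allowed_origins means every origin.
func (c CORSConfig) OriginAllowed(origin string) bool {
	return len(c.AllowedOrigins) == 0 || containsFold(c.AllowedOrigins, origin)
}

// MethodAllowed falls back to the documented default method list.
func (c CORSConfig) MethodAllowed(method string) bool {
	allowed := c.AllowedMethods
	if len(allowed) == 0 {
		allowed = defaultMethods
	}
	return containsFold(allowed, method)
}

// HeadersAllowed checks every name in Access-Control-Request-Headers. The page
// documents no default for allowed_headers, so this example (assumption)
// treats an unset list as "no custom request headers allowed".
func (c CORSConfig) HeadersAllowed(requested string) bool {
	for _, h := range strings.Split(requested, ",") {
		if h = strings.TrimSpace(h); h != "" && !containsFold(c.AllowedHeaders, h) {
			return false
		}
	}
	return true
}

// allowOriginValue returns the Access-Control-Allow-Origin value. Browsers reject
// a literal "*" on credentialed requests, so the request origin is echoed then
// (together with Vary: Origin, which the middleware always sets).
func (c CORSConfig) allowOriginValue(origin string) string {
	if len(c.AllowedOrigins) == 0 && !c.AllowCredentials {
		return "*"
	}
	return origin
}

// Middleware answers preflight requests itself and never forwards them to next
// (the decision pipeline); actual cross-origin requests are forwarded with the
// CORS response headers added when the origin is allowed.
func Middleware(c CORSConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin == "" { // same-origin or non-browser client: nothing to do
			next.ServeHTTP(w, r)
			return
		}
		h := w.Header()
		h.Add("Vary", "Origin")
		reqMethod := r.Header.Get("Access-Control-Request-Method")
		if r.Method == http.MethodOptions && reqMethod != "" { // preflight
			reqHeaders := r.Header.Get("Access-Control-Request-Headers")
			if !c.OriginAllowed(origin) || !c.MethodAllowed(reqMethod) || !c.HeadersAllowed(reqHeaders) {
				w.WriteHeader(http.StatusForbidden) // no CORS headers: the browser fails the preflight
				return
			}
			h.Set("Access-Control-Allow-Origin", c.allowOriginValue(origin))
			h.Set("Access-Control-Allow-Methods", reqMethod)
			if reqHeaders != "" {
				h.Set("Access-Control-Allow-Headers", reqHeaders)
			}
			if c.AllowCredentials {
				h.Set("Access-Control-Allow-Credentials", "true")
			}
			h.Set("Access-Control-Max-Age", strconv.Itoa(int(c.MaxAge/time.Second)))
			w.WriteHeader(http.StatusNoContent)
			return
		}
		if c.OriginAllowed(origin) {
			h.Set("Access-Control-Allow-Origin", c.allowOriginValue(origin))
			if c.AllowCredentials {
				h.Set("Access-Control-Allow-Credentials", "true")
			}
			if len(c.ExposedHeaders) > 0 {
				h.Set("Access-Control-Expose-Headers", strings.Join(c.ExposedHeaders, ", "))
			}
		}
		next.ServeHTTP(w, r)
	})
}
```

With the configuration of Example 2 (origins ["https://example.org"], methods HEAD and PATCH, credentials on, max_age 10s) a preflight for PATCH from https://example.org is answered with 204, Access-Control-Allow-Origin: https://example.org, Access-Control-Allow-Credentials: true and Access-Control-Max-Age: 10 without touching the wrapped handler, while a preflight from another origin, or for GET, gets 403 with no CORS headers. An actual PATCH request from the allowed origin reaches the wrapped handler with the allow-origin header added.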

TLS

As of today, the available configuration options are limited to setting up the private key and the corresponding certificate. Clients can use TLSv1.2 and TLSv1.3; the TLSv1.2 cipher suites are limited to those supported by the Go standard library.

  • key: string (mandatory)

    Path to the private key in PEM format. Both PKCS#1 and PKCS#8 encodings are supported.

  • cert: string (mandatory)

    Path to the certificate in PEM format. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
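An added Go example (not Heimdall's code) of loading the key and certificate material described above: tls.X509KeyPair accepts PKCS#1 and PKCS#8 private keys and a leaf-first PEM chain, and the loader additionally checks that each certificate in the file is signed by the one following it and that the leaf has not expired, then pins MinVersion to TLS 1.2 so that only TLSv1.2 and TLSv1.3 are negotiated. NewSampleMaterial builds a throwaway CA and leaf purely as constructed input for running the loader offline; a real deployment reads the files named by the key and cert options. The type and function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LoadServerTLSConfig parses a PEM certificate file (leaf first, intermediates
// after it) and a PEM private key (PKCS#1 or PKCS#8). tls.X509KeyPair checks
// that the first certificate matches the key; the chain order is verified on
// top, since a wrongly ordered file otherwise only shows up as client failures.
func LoadServerTLSConfig(certPEM, keyPEM []byte) (*tls.Config, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, fmt.Errorf("loading key pair: %w", err)
	}
	chain := make([]*x509.Certificate, 0, len(pair.Certificate))
	for _, der := range pair.Certificate {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("parsing certificate: %w", err)
		}
		chain = append(chain, c)
	}
	for i := 0; i+1 < len(chain); i++ { // each cert must be issued by the next one
		if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
			return nil, fmt.Errorf("certificate %d is not signed by certificate %d: %w", i, i+1, err)
		}
	}
	if time.Now().After(chain[0].NotAfter) {
		return nil, errors.New("leaf certificate has expired")
	}
	pair.Leaf = chain[0]
	return &tls.Config{Certificates: []tls.Certificate{pair}, MinVersion: tls.VersionTLS12}, nil
}

// SampleMaterial is constructed input: a throwaway ECDSA CA, an RSA leaf issued
// by it, and the leaf key in both supported encodings (assumed names, not files
// from any real deployment).
type SampleMaterial struct {
	Chain, ReversedChain, PKCS1Key, PKCS8Key []byte
}

func NewSampleMaterial() (*SampleMaterial, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "heimdall.example"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	pkcs8, err := x509.MarshalPKCS8PrivateKey(leafKey)
	if err != nil {
		return nil, err
	}
	block := func(typ string, der []byte) []byte {
		return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der})
	}
	leafPEM, caPEM := block("CERTIFICATE", leafDER), block("CERTIFICATE", caDER)
	return &SampleMaterial{
		Chain:         append(append([]byte{}, leafPEM...), caPEM...),
		ReversedChain: append(append([]byte{}, caPEM...), leafPEM...),
		PKCS1Key:      block("RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(leafKey)),
		PKCS8Key:      block("PRIVATE KEY", pkcs8),
	}, nil
}
```

Loading Chain with either PKCS1Key or PKCS8Key succeeds and yields a two-certificate chain with MinVersion TLS 1.2; loading ReversedChain (CA first, leaf second) is rejected already by tls.X509KeyPair because the first certificate's public key does not belong to the private key, which is exactly the misconfiguration the leaf-first ordering rule above guards against.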