Add support for response flow policy in standalone mode
fredmaggiowski opened this issue · 0 comments
fredmaggiowski commented
Right now, when rönd operates in standalone mode it is not capable of executing response-flow policies therefore I have to write any security-related filter on API responses in the API itself.
Describe the solution you'd like
I'd like to be able to invoke rönd standalone also to be able to know the payload I should return to the client.
So with a configuration such as
{
"/someapi": {
"x-rond": {
"requestFlow": { "policyName": "allow_all" },
"responseFlow": { "policyName": "my_policy" },
}
}
}
I'd like to do something like
curl -X POST http://rond-standalone/eval/someapi -d '{ my original payload }'
And receive back the payload modified by my_policy
.
Describe alternatives you've considered
To let rönd discern whether the http://rond-standalone/eval/someapi
should use the request
or response
flow I'd like to use something like:
- a reserved query param:
?rondFlow=response
- a reserved header:
rond-flow=response
- change the path to /eval/:flow/:apiname
therefore the api would actually be different based on the flow, in this case:
http://rond-standalone/eval/response/someapi` but this would be a breaking change!
Any other suggestion on a solution?