[FEATURE][PLUGIN]: Create Header Injector plugin #895
Labels: enhancement, oic, plugins
Overview
Create a Header Injector Plugin that automatically adds custom headers to outbound requests, useful for authentication, tracking, metadata injection, and integration requirements.
Plugin Requirements
Plugin Details
- Name: HeaderInjectorPlugin
- Type: Self-contained (native) plugin
- File Location: plugins/header_injector/
- Complexity: Low
Functionality
- Inject custom headers into resource requests
- Support static and dynamic header values
- Conditional header injection based on request properties
- Template-based header values with context substitution
- Header overrides and priority management
Hook Integration
- Primary Hook: resource_pre_fetch
- Purpose: Add headers to outbound HTTP requests before fetching
- Behavior: Modify request headers based on configuration
Configuration Schema
plugins:
  - name: "HeaderInjector"
    kind: "plugins.header_injector.injector.HeaderInjectorPlugin"
    description: "Injects custom headers into outbound requests"
    version: "0.1.0"
    hooks: ["resource_pre_fetch"]
    mode: "permissive" # Usually non-blocking
    priority: 40
    conditions:
      - resources: ["https://api.company.com/*", "https://*.internal.corp"]
    config:
      # Static headers (always injected)
      static_headers:
        User-Agent: "MCP-Gateway/0.8.0 (Context-Forge)"
        X-Client-Version: "0.8.0"
        X-Environment: "production"
        X-Gateway-ID: "gateway-prod-001"
      # Dynamic headers with template substitution
      dynamic_headers:
        X-Request-ID: "{{request_id}}"
        X-User-ID: "{{user}}"
        X-Tenant-ID: "{{tenant_id}}"
        X-Server-ID: "{{server_id}}"
        X-Timestamp: "{{timestamp}}"
        X-Session-ID: "{{session_id}}"
      # Authentication headers
      auth_headers:
        Authorization: "Bearer {{auth_token}}"
        X-API-Key: "{{api_key}}"
        X-Client-Secret: "{{client_secret}}"
      # Conditional headers based on request properties
      conditional_headers:
        - condition:
            url_pattern: "https://api.github.com/*"
          headers:
            Accept: "application/vnd.github.v3+json"
            X-GitHub-Api-Version: "2022-11-28"
            Authorization: "token {{github_token}}"
        - condition:
            url_pattern: "https://*.amazonaws.com/*"
            method: ["GET", "POST"]
          headers:
            X-Amz-Content-Sha256: "UNSIGNED-PAYLOAD"
            X-Amz-Date: "{{aws_date}}"
            Authorization: "{{aws_signature}}"
        - condition:
            content_type: "application/json"
          headers:
            Content-Type: "application/json; charset=utf-8"
            Accept: "application/json"
        - condition:
            user_agent_contains: "bot"
          headers:
            X-Bot-Request: "true"
            Rate-Limit-Policy: "strict"
      # Header transformation rules
      transformations:
        # Remove sensitive headers
        remove_headers:
          - "Cookie"
          - "Set-Cookie"
          - "X-Internal-*"
        # Rename headers
        rename_headers:
          X-Custom-Auth: "Authorization"
          X-User-Agent: "User-Agent"
        # Header value transformations
        value_transforms:
          User-Agent:
            append: " (via MCP-Gateway)"
          X-Forwarded-For:
            prepend: "{{client_ip}}, "
      # Environment variable substitution
      env_substitution:
        enabled: true
        prefix: "HEADER_" # HEADER_AUTH_TOKEN -> {{auth_token}}
        case_transform: "lower" # upper | lower | none
      # Security settings
      security:
        # Prevent header injection attacks
        sanitize_values: true
        max_header_length: 8192
        blocked_headers:
          - "Host"
          - "Content-Length"
          - "Transfer-Encoding"
        # Only allow certain characters
        allowed_header_chars: "^[A-Za-z0-9-_:.\\s]*$"
      # Performance settings
      performance:
        cache_dynamic_values: true
        cache_ttl_seconds: 300
        max_headers_per_request: 50
      # Debugging and logging
      debug:
        log_injected_headers: false # Security risk if true
        log_template_substitutions: true
        log_condition_matches: true
Implementation Requirements
File Structure
plugins/header_injector/
├── __init__.py
├── injector.py # Main plugin class
├── template_engine.py # Header value templating
├── condition_matcher.py # Condition evaluation
├── header_transformer.py # Header transformation utilities
├── plugin-manifest.yaml # Plugin metadata
├── README.md # Usage documentation
└── examples/ # Configuration examples
    ├── basic_auth.yaml
    ├── api_keys.yaml
    └── conditional.yaml
Core Features
- Header Injection Types
  - Static headers (constant values)
  - Dynamic headers (template-based values)
  - Authentication headers (tokens, API keys)
  - Conditional headers (based on request properties)
- Template Engine
  - Context variable substitution (user, tenant, request_id)
  - Environment variable injection
  - Custom function support (timestamp, uuid, hash)
  - Nested template resolution
- Condition Matching
  - URL pattern matching (glob, regex)
  - HTTP method filtering
  - Content type matching
  - User agent detection
  - Custom header presence
- Header Transformations
  - Header removal and renaming
  - Value appending and prepending
  - Case transformations
  - Value sanitization
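The `url_pattern` and `resources` globs decide which requests receive `Authorization` and API-key headers, so how the wildcard is evaluated is security-relevant. The following is an added example, not the project's code: `naive_match` and `host_anchored_match` are hypothetical names, the use of `fnmatch` is an assumption, and the sample URLs are constructed. It compares a glob over the whole URL string with a match that anchors the wildcard to the parsed host.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def naive_match(url: str, pattern: str) -> bool:
    """Glob over the raw URL string; '*' also matches '/', '?' and '@'."""
    return fnmatchcase(url, pattern)


def host_anchored_match(url: str, pattern: str) -> bool:
    """Match scheme, host and path separately so a wildcard cannot span URL parts."""
    u, p = urlsplit(url), urlsplit(pattern)
    try:
        same_port = u.port == p.port
    except ValueError:  # malformed port in the request URL
        return False
    if u.scheme != p.scheme or not same_port:
        return False
    if u.username is not None or u.password is not None:
        return False  # do not attach credentials to URLs carrying userinfo
    host, pat_host = (u.hostname or "").lower(), (p.hostname or "").lower()
    if pat_host.startswith("*."):
        suffix = pat_host[1:]  # e.g. ".amazonaws.com"
        if not (host.endswith(suffix) and len(host) > len(suffix)):
            return False
    elif host != pat_host:
        return False
    # An absent pattern path means "any path"; otherwise glob the path only.
    return not p.path or fnmatchcase(u.path or "/", p.path)


# Constructed sample URLs checked against a pattern from the configuration schema.
PATTERN = "https://*.amazonaws.com/*"
SAMPLES = [
    "https://s3.us-east-1.amazonaws.com/bucket/key",  # host under amazonaws.com
    "https://untrusted.example/.amazonaws.com/x",     # suffix appears in the path only
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, naive_match(url, PATTERN), host_anchored_match(url, PATTERN))
```

The second sample satisfies the whole-string glob although its host is not under `amazonaws.com`; the host-anchored matcher rejects it, which keeps injected credentials from leaving for an unintended host.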
Usage Examples
Basic Authentication Headers
# Resource request to GitHub API
resource_uri = "https://api.github.com/user/repos"
# Plugin injects headers based on URL pattern match:
# Headers added:
# {
# "Accept": "application/vnd.github.v3+json",
# "X-GitHub-Api-Version": "2022-11-28",
# "Authorization": "token ghp_xxxxxxxxxxxx",
# "User-Agent": "MCP-Gateway/0.8.0 (Context-Forge)",
# "X-Request-ID": "req-12345-67890"
# }
Dynamic Header Injection
# Resource request with context
context = {
    "user": "alice@company.com",
    "tenant_id": "enterprise-001",
    "request_id": "req-abc123"
}
# Plugin injects dynamic headers:
# {
#   "X-User-ID": "alice@company.com",
#   "X-Tenant-ID": "enterprise-001",
#   "X-Request-ID": "req-abc123",
#   "X-Timestamp": "2024-01-15T10:30:45Z"
# }
Conditional API Key Injection
# Configuration for different APIs
conditional_headers:
  - condition:
      url_pattern: "https://api.openai.com/*"
    headers:
      Authorization: "Bearer {{OPENAI_API_KEY}}"
      OpenAI-Organization: "{{OPENAI_ORG_ID}}"
  - condition:
      url_pattern: "https://api.anthropic.com/*"
    headers:
      X-API-Key: "{{ANTHROPIC_API_KEY}}"
      anthropic-version: "2023-06-01"
Header Transformation Example
# Original request headers
original_headers = {
    "User-Agent": "Python/requests",
    "X-Internal-Token": "secret123",
    "Cookie": "session=abc123"
}
# After transformation:
# {
#   "User-Agent": "Python/requests (via MCP-Gateway)", # appended
#   "X-Request-ID": "req-12345", # injected
#   # X-Internal-Token removed (sensitive)
#   # Cookie removed (sensitive)
# }
Template Variables Available
- {{request_id}} - Unique request identifier
- {{user}} - Current user identifier
- {{tenant_id}} - Tenant context
- {{server_id}} - Virtual server ID
- {{timestamp}} - Current ISO timestamp
- {{session_id}} - Session identifier
- {{client_ip}} - Client IP address
- {{uuid}} - Generated UUID
- {{env.VAR_NAME}} - Environment variables
Security Considerations
- Header value sanitization to prevent injection attacks
- Blocked header list to prevent critical header modification
- Optional header logging (disabled by default for security)
- Environment variable access controls
- Maximum header size limits
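One way to apply the sanitization, blocked-header and size checks listed above, as an added example rather than the plugin's implementation: `render`, `inject` and `HeaderRejected` are hypothetical names, the single-pass substitution and applying `max_header_length` to the value are assumptions of this example, and the inputs are constructed. Validation runs on the rendered value, since that is where a context variable can carry CR or LF into a header.

```python
import re

TEMPLATE_VAR = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_.]*)\s*\}\}")
FIELD_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # HTTP field-name token
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")  # CR, LF, NUL, other controls (tab allowed)
BLOCKED_HEADERS = {"host", "content-length", "transfer-encoding"}  # from the schema above
MAX_HEADER_LENGTH = 8192  # from the schema above; applied to the value here (assumption)


class HeaderRejected(ValueError):
    """Raised when a header name or rendered value fails validation."""


def render(template: str, context: dict) -> str:
    """Substitute {{name}} in one pass; substituted text is not re-scanned."""
    def repl(match):
        key = match.group(1)
        if key not in context:
            raise HeaderRejected(f"unresolved template variable: {key}")
        return str(context[key])
    return TEMPLATE_VAR.sub(repl, template)


def inject(headers: dict, templates: dict, context: dict) -> dict:
    """Return a copy of headers with rendered templates added, or raise HeaderRejected."""
    out = dict(headers)
    for name, template in templates.items():
        # Header names are case-insensitive, so compare the blocked list in lower case.
        if not FIELD_NAME.fullmatch(name) or name.lower() in BLOCKED_HEADERS:
            raise HeaderRejected(f"header name not allowed: {name!r}")
        value = render(template, context)
        if CONTROL.search(value) or len(value) > MAX_HEADER_LENGTH:
            raise HeaderRejected(f"unsafe value for {name}")
        out[name] = value
    return out
```

The control-character check is kept separate from any allow-list pattern because `\s`, as used in `allowed_header_chars`, also matches CR and LF.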
Testing Requirements
- Unit tests for all header injection scenarios
- Template engine tests with various contexts
- Condition matching tests
- Header transformation tests
- Security tests for injection attempts
- Performance tests with large header sets
Documentation Requirements
- Plugin configuration examples for common use cases
- Template variable reference
- Security best practices
- Troubleshooting guide
Acceptance Criteria
- Plugin implements HeaderInjectorPlugin class
- Supports static, dynamic, and conditional headers
- Template engine with context variable substitution
- Condition matching for URL patterns, methods, content types
- Header transformation capabilities (remove, rename, transform)
- Environment variable substitution
- Security sanitization and validation
- Plugin manifest and documentation created
- Unit tests with >90% coverage
- Integration tests with real HTTP requests
- Security testing for header injection attacks
Priority
Medium - Useful for authentication and integration requirements
Dependencies
- Template engine (Jinja2 or similar)
- URL pattern matching library
- HTTP header manipulation utilities
Use Cases
- API authentication (Bearer tokens, API keys)
- Request tracking and correlation
- Metadata injection for observability
- Client identification and versioning
- Custom integration requirements