[XrdHttp] Allow static headers to be specified for browsers

[bbockelm]

(This patch is more of a RFI -- I think all the infrastructure is in place that I can add a unit test before marking it as not a draft)

In Pelican, we want to allow users from browsers to be able to access XRootD servers (including through redirections). However, to do this, we need to add a few extra headers to all GET and OPTIONS requests to permit redirections across sites (we hit various CORS safeguards that are reasonable for a generic webapp -- but needed for a data federation).

The existing plugin mechanism isn't sufficient because we don't want to replace the XRootD handling of the requests (such as a GET) but rather augment it with a few static headers.

This PR adds a new configuration option, http.staticheader, that permits such a header to be set. The config option has the following form:

http.staticheader [-verb=[GET|HEAD|...]]* header [value]

Here's a few examples:

http.staticheader -verb=OPTIONS Access-Control-Allow-Origin *
http.staticheader -verb=GET Foo Bar
http.staticheader -verb=GET Foo Baz
http.staticheader Test 1

• If the -verb is omitted then the header is set for all requests
• If the value is omitted, then the prior static header settings are unset. Otherwise, they are additive (same header specified multiple times will cause multiple values to be sent; this is perfectly fine in HTTP-land).

So, for the example configuration above, here's the response for a simple GET request:

< HTTP/1.1 403 Forbidden
< Connection: Close
< Server: XrootD/v5.7.1-85-g42eab06b3
< Test: 1
< Foo: Bar
< Foo: Baz
< Content-Length: 36

[bbockelm]

@amadio - do you recognize the test failures? I'd be a bit surprised if it was due to the PR itself (as the tests appear to be over the xrootd protocol and the changes here are localized to HTTP).

[amadio]

@bbockelm Yes, those are from Andy's last couple of commits. I think it's actually better to send pull requests for master, since I can merge either there or retarget to devel more easily than the other way around. And you will not see these test failures.

[abh3]

No doubt, but other than the test ending with a non-zero RC there are no other error messages. Another transient error?

[bbockelm]

Ok, hearing no fundamental objections, I added an integration test and have marked this as ready for review.

[ccaffy]

Thanks again, I found some issues under certain circumstances (see different comments)

[bbockelm]

@ccaffy - I touched up the pieces requested and adjusted the integration test accordingly. Please re-review.

[ccaffy]

Just one typo and then it's ready to go. I tried it on my box and it works as expected! Thanks

[ccaffy]

Thanks Brian for the fixes!
I'll create an issue for @abh3 to update the xrd http documentation to document these flags behavior.

[bbockelm]

@amadio - would you like me to retarget this to master? I think that'll (potentially) lose the review comments from @ccaffy (though those are potentially less important now he's approved the PR) but will clean up the commit history and fix up the unit tests.

[amadio]

If this doesn't depend on anything from devel, yes, go ahead. However, due to the nature of the changes, this will only get merged into a feature release.

[bbockelm]

@amadio - sounds good! While there are some nearby code changes, nothing from devel is needed for this. I updated the PR to target master (which should help with the unit tests; I really like the "green checkmark") and feel free to merge into devel once you're ready.

[amadio]

Ok, I'm marking this for 5.8.0. If there are no problems with ABI (which I will test later), I will merge this after 5.7.3 is released.

[amadio]

Rebased to resolve conflicts with other merged changes that touched http.sh test script.