RSAS allows you to customize the HTTP headers sent in its HTTP responses. This is useful in certain situations, such as:
<icecast>
...
<custom-headers>
<add-header name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<add-header name="X-CDN" value="example.com" />
<add-header name="X-ServerID" value="server1.example.com" />
<cors>
<allowed-origin>www.radiomast.io</allowed-origin>
<allowed-origin>www.radiomast.com</allowed-origin>
<expose-headers>X-CDN, X-ServerID</expose-headers>
</cors>
</custom-headers>
</icecast>
A <custom-headers>
section can be added inside different scopes in your config file, to apply to different HTTP responses.
Supported scopes:
Scope | Supported | When to use |
---|---|---|
Global ( <icecast> ) | Yes | Custom HTTP header needed on all responses. |
Listen Socket ( <listen-socket> ) | Yes | Custom headers applied only for a particular port (eg. HSTS headers for HTTPS) |
VHost ( <vhost> ) | Yes | Applied only for a specific domain. |
Mount ( <mount> ) | Yes | Applied only for a specific mount. |
<add-header name="Example" value="foo">
Adds a custom HTTP header to all responses within the current scope.
<cors>
)<allowed-origin>
Sets the Access-Control-Allowed-Origin header, which instructs browsers to restrict the domains from which cross-origin (AJAX) requests can be performed from. Specify this directive multiple times to allow multiple, different origins.
<expose-headers>
Sets the Access-Control-Expose-Headers
header in HTTP responses, to advise browsers which HTTP headers should be allowed to be accessed via AJAX, for cross-origin requests. Any headers specified via this directive will be appended to the standard list exposed by RSAS.
(Content-Type, icy-metaint, icy-br, ice-audio-info, icy-description, icy-genre, icy-name, icy-samplerate, icy-url
)
This directive is useful if you are adding custom HTTP headers, which you need to access via AJAX.