Add support for using custom request headers

Cameron Swords requested to merge add-request-headers-support into master

What does this MR do?

When accessing an API during a DAST scan there is often a requirement to authenticate using request headers. This MR allows the user to supply header name/value pairs. These will be applied to every request made by ZAP to the API. For example:

include:
  - template: DAST.gitlab-ci.yml

variables:
  DAST_WEBSITE: https://example.com/api-specification.yml
  DAST_API_SPEC_FORMAT: openapi
  DAST_REQUEST_HEADERS: "Authorization: Bearer 123456789,Accept: */*"

Note that adding request headers should apply to all ZAP requests, not just those made in an API scan.

What are the relevant issue numbers?

gitlab-org/gitlab#10928 (closed)

Does this MR meet the acceptance criteria?

Edited by Cameron Swords
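
An added example, not part of this merge request or the DAST project's code: one way a `DAST_REQUEST_HEADERS` value in the format shown above could be parsed, validated, and masked before it reaches job output. The function names, the sensitive-header list, and the rule for values that contain a comma are assumptions of this example.

```python
import re

# RFC 7230 "token" characters allowed in a header field name.
_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Headers whose values should not be echoed into CI job logs (assumed list).
_SENSITIVE = {"authorization", "proxy-authorization", "cookie", "x-api-key"}


def parse_request_headers(raw):
    """Parse 'Name: value,Name: value' into an ordered list of (name, value)."""
    headers = []
    for segment in raw.split(","):
        if not segment.strip():
            continue  # ignore empty entries such as a trailing comma
        name, sep, value = segment.partition(":")
        name = name.strip()
        if sep and _NAME.match(name):
            headers.append((name, value.strip()))
        elif headers:
            # No valid "Name:" prefix: treat the segment as the rest of a
            # value that itself contained a comma ("Accept: text/html,text/plain").
            prev_name, prev_value = headers[-1]
            headers[-1] = (prev_name, prev_value + "," + segment.strip())
        else:
            raise ValueError("first entry is not 'Name: value': %r" % segment)
    for name, value in headers:
        # CR/LF inside a value would let one variable smuggle extra header lines.
        if not value or "\r" in value or "\n" in value:
            raise ValueError("invalid value for header %r" % name)
    return headers


def redact_for_log(headers):
    """Return a copy of the header list that is safe to print in job output."""
    return [(n, "[MASKED]" if n.lower() in _SENSITIVE else v) for n, v in headers]


if __name__ == "__main__":
    # Constructed sample: the value from the MR description above.
    parsed = parse_request_headers("Authorization: Bearer 123456789,Accept: */*")
    print(redact_for_log(parsed))
```

A value in which a comma is directly followed by something that looks like `name:` stays ambiguous in a comma-separated format; this example treats it as the start of a new header.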
