bug: add missing Tokenserver headers (#1243)

Closes #1242
mozilla-services · Mar 16, 2022 · 38de833 · 38de833
1 parent 291a40e
commit 38de833
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/tokenserver/handlers.rs b/src/tokenserver/handlers.rs
@@ -50,7 +50,17 @@ pub async fn get_tokenserver_result(
         node_type: req.node_type,
     };
 
-    Ok(HttpResponse::build(StatusCode::OK).json(result))
+    let timestamp = {
+        let start = SystemTime::now();
+        start.duration_since(UNIX_EPOCH).unwrap().as_secs()
+    };
+
+    // `X-Content-Type-Options: nosniff` was set automatically by the Pyramid cornice library
+    // on the Python Tokenserver. For the Rust Tokenserver, we set it in nginx instead of in the
+    // application code here.
+    Ok(HttpResponse::build(StatusCode::OK)
+        .header("X-Timestamp", timestamp.to_string())
+        .json(result))
 }
 
 fn get_token_plaintext(

diff --git a/tools/integration_tests/tokenserver/test_e2e.py b/tools/integration_tests/tokenserver/test_e2e.py
@@ -206,3 +206,7 @@ def test_valid_request(self):
         self.assertEqual(res.json['hashed_fxa_uid'],
                          self._fxa_metrics_hash(fxa_uid)[:32])
         self.assertEqual(res.json['node_type'], 'spanner')
+        # The response should have an X-Timestamp header that contains the
+        # number of seconds since the UNIX epoch
+        self.assertIn('X-Timestamp', res.headers)
+        self.assertIsNotNone(int(res.headers['X-Timestamp']))