From 38de8332a57f54607e69303433067336e85a83af Mon Sep 17 00:00:00 2001
From: Ethan Donowitz <8703826+ethowitz@users.noreply.github.com>
Date: Wed, 16 Mar 2022 17:26:24 -0400
Subject: [PATCH] bug: add missing Tokenserver headers (#1243)

Closes #1242
---
 src/tokenserver/handlers.rs                     | 12 +++++++++++-
 tools/integration_tests/tokenserver/test_e2e.py |  4 ++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/tokenserver/handlers.rs b/src/tokenserver/handlers.rs
index 71fe15a000..a99836e69c 100644
--- a/src/tokenserver/handlers.rs
+++ b/src/tokenserver/handlers.rs
@@ -50,7 +50,17 @@ pub async fn get_tokenserver_result(
         node_type: req.node_type,
     };
 
-    Ok(HttpResponse::build(StatusCode::OK).json(result))
+    let timestamp = {
+        let start = SystemTime::now();
+        start.duration_since(UNIX_EPOCH).unwrap().as_secs()
+    };
+
+    // `X-Content-Type-Options: nosniff` was set automatically by the Pyramid cornice library
+    // on the Python Tokenserver. For the Rust Tokenserver, we set it in nginx instead of in the
+    // application code here.
+    Ok(HttpResponse::build(StatusCode::OK)
+        .header("X-Timestamp", timestamp.to_string())
+        .json(result))
 }
 
 fn get_token_plaintext(
diff --git a/tools/integration_tests/tokenserver/test_e2e.py b/tools/integration_tests/tokenserver/test_e2e.py
index fd0b62f030..bfa227a8f0 100644
--- a/tools/integration_tests/tokenserver/test_e2e.py
+++ b/tools/integration_tests/tokenserver/test_e2e.py
@@ -206,3 +206,7 @@ def test_valid_request(self):
         self.assertEqual(res.json['hashed_fxa_uid'],
                          self._fxa_metrics_hash(fxa_uid)[:32])
         self.assertEqual(res.json['node_type'], 'spanner')
+        # The response should have an X-Timestamp header that contains the
+        # number of seconds since the UNIX epoch
+        self.assertIn('X-Timestamp', res.headers)
+        self.assertIsNotNone(int(res.headers['X-Timestamp']))