Added global HTTP response headers configuration. Resolves #3788.

[kashimiz]

Resolves #3788

Global HTTP headers are configured at the root host.json level, ex.:

{
  "version": "2.0",
  "customHeaders":
  {
    "X-Content-Type-Options": "nosniff"
  }
}

I chose the name customHeaders for its familiarity to ASP.NET Core developers, being used for the same purpose in web.config.

[brettsam]

One comment about where this setting should live in the host.json -- I think @soninaren may have to change the hsts as well. It seems like these should live under extensions -> http.

[fabiocav]

I'm assuming this pattern is in place here because of what was done in the HSTS middleware, but this middleware doesn't have the same requirements, so you should be able to simplify this and make it a bit more efficient.

Something as simple as this should just work:

 public class CustomHeadersMiddleware : IJobHostHttpMiddleware
    {
        private readonly ScriptJobHostOptions _hostOptions;

        public CustomHeadersMiddleware(IOptions<ScriptJobHostOptions> hostOptions)
        {
            _hostOptions = hostOptions.Value;
        }

        public async Task Invoke(HttpContext context, RequestDelegate next)
        {
            await next(context);

            foreach (var header in _hostOptions.CustomHeaders)
            {
                context.Response.Headers[header.Key] = header.Value;
            }
        }
    }

[kashimiz]

Can do. More for my own curiosity than anything else, and to better understand this part of the codebase, what were the requirements for the HSTS middleware that necessitated the pattern Naren used?

[fabiocav]

One minor nit comment (to avoid an additional file change), but this is good to go!

[fabiocav]

@kashimiz are you still waiting on anything to merge this?