action/context: add capability to set response headers

lib/action/context.go

@@ -33,7 +33,8 @@ func init() {
 var ContextDefaultSettings = ContextSettings{}
 
 type ContextSettings struct {
-	Settings map[string]string `yaml:"context-set"`
+	ContextSet      map[string]string `yaml:"context-set"`
+	ResponseHeaders map[string]string `yaml:"response-headers"`
 }
 
 type Context struct {
@@ -42,9 +43,13 @@ type Context struct {
 
 func (a Context) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Request, done func() (backend http.Handler)) (next bool, err error) {
 	data := challenge.RequestDataFromContext(r.Context())
-	for k, v := range a.opts.Settings {
+	for k, v := range a.opts.ContextSet {
 		data.SetOpt(k, v)
 	}
 
+	for k, v := range a.opts.ResponseHeaders {
+		w.Header().Set(k, v)
+	}
+
 	return true, nil
 }

lib/challenge/data.go

@@ -243,7 +243,7 @@ func (d *RequestData) HasValidChallenge(id Id) bool {
 	return d.ChallengeVerify[id].Ok()
 }
 
-func (d *RequestData) Headers(headers http.Header) {
+func (d *RequestData) RequestHeaders(headers http.Header) {
 	headers.Set("X-Away-Id", d.Id.String())
 
 	for id, result := range d.ChallengeVerify {

lib/http.go

@@ -174,7 +174,7 @@ func (state *State) handleRequest(w http.ResponseWriter, r *http.Request) {
 		}
 		r.URL.RawQuery = q.Encode()
 
-		data.Headers(r.Header)
+		data.RequestHeaders(r.Header)
 
 		// delete cookies set by go-away to prevent user tracking that way
 		cookies := r.Cookies()