Setting Custom Security Headers Using MFCLI

Overview

A new MFCLI command is introduced to streamline the configuration of initial custom headers for Fabric runtime services. Previously, this configuration was only possible through the Admin Console, requiring a manual login. With this enhancement, the infrastructure team can now set the required security headers at the time of provisioning, improving efficiency and reducing the risk of manual error.

Key Benefits:

Enables customers and SaaS teams to define initial security headers during infrastructure provisioning.
Eliminates the need for manual configuration via the Admin Console.

Command Syntax

set-mw-runtime-config [options]

Command Options

Parameter	Short Name
`--prop_name`	`-pn`
`--prop_value`	`-pv`
`--file`	`-f`

NOTE: Note: You can use either --prop_name/--prop_value or the --file option. If both are provided, the --file option takes precedence.

Usage Scenarios

Using `--prop_name` and `--prop_value`

Property Name	Property Value	Example
`service_custom_response_headers`	JSON String	`"[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"X-Frame-Options\",\"value\":\"ALLOW\"}]"`
`enable_custom_response_headers_to_all_services`	Boolean	`"true"` or `"false"`
`webapp_custom_response_headers`	JSON String	`"[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"X-Frame-Options\",\"value\":\"ALLOW\"}]"`

Using the `--file` Option

Combine all the properties in a single file and provide the file as input to the command using the --file option.

(mwruntimeconfig.json):

[
      {
	"prop_name": "service_custom_response_headers",
	"prop_value": "[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"X-Frame-Options\",\"value\":\"ALLOW\"}]"
	},
	{
	"prop_name": "enable_custom_response_headers_to_all_services",
	"prop_value": "true"
	},
	{
	"prop_name": "webapp_custom_response_headers",
	"prop_value": "[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"X-Frame-Options\",\"value\":\"ALLOW\"}]"
	}
]

Examples

Kony Cloud (manage.kony.com) Environment

java jar mfcli.jar set-mw-runtime-config -u <user> -p <password> -t <account id> -clurl <cloud url> -e <environment name> -pn <property name> -pv <propertyvalue> -f <file path>

java -jar mfcli.jar set-mw-runtime-config -u abc@kony.com -p password -t 100054321 -clurl https://manage.temenos-cloud.com -
e MyEnv -pn "service_custom_response_headers" -pv "[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"
X-Frame-Options\",\"value\":\"ALLOW\"}]"

On-Premise Installation

java -jar mfcli.jar set-mw-runtime-config -u <user> -p <password> -au <Identity URL> -cu <Console URL> -e <environment name> -pn <property name> -pv<property value>

java jar mfcli.jar set-mw-runtime-config -u abc@kony.com -p password -au http://10.10.24.79:8080 -cu http://10.10.24.78:8081
-e MyEnv -pn "service_custom_response_headers" -pv "[{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":
\"X-Frame-Options\",\"value\":\"ALLOW\"}]"

Using `--file` Option

java -jar mfcli.jar set-mw-runtime-config -u abc@kony.com -p password -au http://10.10.24.79:8080 -cu http://10.10.24.78:8081 -e MyEnv --file "C:\\tmp\\mwruntimeconfig.json"