Export (0) Print
Expand All

2.2.1 Custom HTTP Headers

Office

The following HTTP header MUST be included in all WOPI requests.

Header

Description

Authorization

Defined in [RFC2616]. This header MUST have the value "Bearer " + <token> as specified in section 2.2.2. Note that there must be a space between "Bearer" and <token>.

The following HTTP headers MAY be included with all WOPI requests.

Header

Description

X-WOPI-ClientVersion

A string specifying the version of the WOPI client. There is no standard for how this string is to be formatted. This string MUST NOT be used for anything other than logging.

X-WOPI-MachineName

A string indicating the name of the machine making the call, which MUST NOT be used for anything other than logging.

X-WOPI-PerfTraceRequested

A Boolean value that indicates that the WOPI client has requested the WOPI server to return a value for X-WOPI-PerfTrace.

X-WOPI-CorrelationID

A string that the WOPI server MAY use when logging server activity to correlate that activity with WOPI client activity.

X-WOPI-UsingRestrictedScenario

A restricted scenario is a case where a user is able to operate on a file in a limited way. For example, a user might be allowed to change a file in the course of filling out a form while not having permission to freely edit the file. The value of this header varies depending on the scenario. The value of this header is determined through convention understood by the client and server implementer.

The header MUST be present and the value must be correct in cases where the WOPI action (see section 3.1.5.1.1.2.2.4) represents a restricted scenario.

X-WOPI-Proof

A set of data signed using a SHA256 (A 256 bit SHA-2-encoded [FIPS180-2]) encryption algorithm. The value of X-WOPI-Proof is decrypted using the value of oldvalue in ct_wopi-proof-key section 3.1.5.1.1.2.2.5) in Discovery (section 3.1.5.1.1) as the public key.

The value of X-WOPI-Proof MUST match the following pattern.

4 bytes in network byte order representing the length of the <token> (see section 2.2.2) as an integer + the <token> represented in UTF-8 [UNICODE] +

4 bytes in network byte order representing the length of the URL of the WOPI request as an integer + the absolute URL of the WOPI request in uppercase +

4 bytes in network byte order representing the length of X-WOPI-TimeStamp (see this section) + the value of X-WOPI-TimeStamp

The intent of passing this header is to allow the WOPI server to validate that the WOPI request originated from the WOPI client that provided the public key in Discovery via ct_wopi-proof-key.

X-WOPI-ProofOld

A set of data signed using a SHA256 (A 256 bit SHA-2-encoded [FIPS180-2]) encryption algorithm. The value of X-WOPI-ProofOld is decrypted using the value of oldvalue or value in ct_wopi-proof-key section 3.1.5.1.1.2.2.5) in Discovery (section 3.1.5.1.1) as the public key.

The value of X-WOPI-Proof MUST match the following pattern.

4 bytes in network byte order representing the length of the <token> (see section 2.2.2) as an integer + the <token> represented in UTF-8 [UNICODE] +

4 bytes in network byte order representing the length of the URL of the WOPI request as an integer + the absolute URL of the WOPI request in uppercase +

4 bytes in network byte order representing the length of X-WOPI-TimeStamp (see this section) + the value of X-WOPI-TimeStamp

The intent of passing this header is to allow the WOPI server to validate that the WOPI request originated from the WOPI client that provided the public key in Discovery via ct_wopi-proof-key.

X-WOPI-TimeStamp

A 64-bit integer that represents the number of 100-nanosecond intervals that have elapsed between 12:00:00 midnight, January 1, 0001 and the time of the request. The WOPI client MUST include this HTTP header if it includes X-WOPI-Proof or X-WOPI-ProofOld.

The following HTTP headers can be included with all WOPI responses.

Header

Description

X-WOPI-ServerVersion

A string specifying the version of the WOPI server and MUST be included with all WOPI responses. There is no standard for how this string is to be formatted. This string MUST NOT be used for anything other than logging.

X-WOPI-MachineName

A string specifying the name of the WOPI server and MUST be included with all WOPI responses, which MUST NOT be used for anything other than logging.

X-WOPI-PerfTrace

A string that the WOPI client MAY use to track performance data. It is included in a WOPI response if the header X-WOPI-PerfTraceRequest in the request is present and equal to "true".

X-WOPI-ServerError

A string indicating that an error occurred while processing the WOPI request, which is included in a WOPI response if the status code is 500. This string MAY include details about the error, and MUST NOT be used for anything other than logging.

Show:
© 2015 Microsoft