Allow sending headers in extension widget

svilenmarkov · svilenmarkov · commit c6e0230e5d7b · 2025-03-26T17:59:41.000Z
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -1413,6 +1413,7 @@ Display a widget provided by an external source (3rd party). If you want to lear
 | url | string | yes | |
 | fallback-content-type | string | no | |
 | allow-potentially-dangerous-html | boolean | no | false |
+| headers | key & value | no | |
 | parameters | key & value | no | |
 
 ##### `url`
@@ -1421,6 +1422,14 @@ The URL of the extension. **Note that the query gets stripped from this URL and
 ##### `fallback-content-type`
 Optionally specify the fallback content type of the extension if the URL does not return a valid `Widget-Content-Type` header. Currently the only supported value for this property is `html`.
 
+##### `headers`
+Optionally specify the headers that will be sent with the request. Example:
+
+```yaml
+headers:
+  x-api-key: ${SECRET_KEY}
+```
+
 ##### `allow-potentially-dangerous-html`
 Whether to allow the extension to display HTML.
 
diff --git a/internal/glance/widget-extension.go b/internal/glance/widget-extension.go
@@ -22,6 +22,7 @@ type extensionWidget struct {
 	URL                 string               `yaml:"url"`
 	FallbackContentType string               `yaml:"fallback-content-type"`
 	Parameters          queryParametersField `yaml:"parameters"`
+	Headers             map[string]string    `yaml:"headers"`
 	AllowHtml           bool                 `yaml:"allow-potentially-dangerous-html"`
 	Extension           extension            `yaml:"-"`
 	cachedHTML          template.HTML        `yaml:"-"`
@@ -46,6 +47,7 @@ func (widget *extensionWidget) update(ctx context.Context) {
 		URL:                 widget.URL,
 		FallbackContentType: widget.FallbackContentType,
 		Parameters:          widget.Parameters,
+		Headers:             widget.Headers,
 		AllowHtml:           widget.AllowHtml,
 	})
 
@@ -85,6 +87,7 @@ type extensionRequestOptions struct {
 	URL                 string               `yaml:"url"`
 	FallbackContentType string               `yaml:"fallback-content-type"`
 	Parameters          queryParametersField `yaml:"parameters"`
+	Headers             map[string]string    `yaml:"headers"`
 	AllowHtml           bool                 `yaml:"allow-potentially-dangerous-html"`
 }
 
@@ -113,6 +116,10 @@ func fetchExtension(options extensionRequestOptions) (extension, error) {
 		request.URL.RawQuery = options.Parameters.toQueryString()
 	}
 
+	for key, value := range options.Headers {
+		request.Header.Add(key, value)
+	}
+
 	response, err := http.DefaultClient.Do(request)
 	if err != nil {
 		slog.Error("Failed fetching extension", "url", options.URL, "error", err)
