Custom Query (2297 matches)
Results (70 - 72 of 2297)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #595 | invalid | add_header replaces previous headers when included | ||
| Description |
My nginx config is basically the following: http {
#whole bunch of other options left out
add_header "test1" "value1";
include sites-enabled/*.conf;
}
Where a file in sites-enabled looks like this: server {
listen 80;
server_name example.com;
#root, access_log etc left out
add_header "test2" "value2";
}
Only the test2 header shows up, while i expect both headers to show up in the output. |
|||
| #2442 | duplicate | add_header unsanitized | ||
| Description |
Hi team, there may be insufficient verification of the correctness of the header name or full header instruction. In my case, the mistape was sending the wrong header name. Example: add_header Permissions-Policy" "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)"; The result: HTTP2 stream breaks for any clients. HTTP1.1 breaks for iPhones and may be iMacs Best regards, Pavlo. |
|||
| #2327 | duplicate | Adding cross-domain configuration in HTTP2 is invalid | ||
| Description |
Invalid configuration as follows: server {
listen 8080 http2;
server_name localhost;
location / {
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'keep-alive,user-agent,cache-control,content-type,x-user-agent,x-grpc-web,grpc-timeout,device-tag';
if ($request_method = 'OPTIONS') {
return 204;
}
grpc_pass grpc://192.168.0.12:31201;
}
}
After debugging, the add_header command in http1.1 takes effect. After http2 is added, the add_header command becomes invalid |
|||
