Custom Query (2297 matches)
Results (70 - 72 of 2297)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#595 | invalid | add_header replaces previous headers when included | ||
Description |
My nginx config is basically the following: http { #whole bunch of other options left out add_header "test1" "value1"; include sites-enabled/*.conf; } Where a file in sites-enabled looks like this: server { listen 80; server_name example.com; #root, access_log etc left out add_header "test2" "value2"; } Only the test2 header shows up, while i expect both headers to show up in the output. |
|||
#2442 | duplicate | add_header unsanitized | ||
Description |
Hi team, there may be insufficient verification of the correctness of the header name or full header instruction. In my case, the mistape was sending the wrong header name. Example: add_header Permissions-Policy" "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)"; The result: HTTP2 stream breaks for any clients. HTTP1.1 breaks for iPhones and may be iMacs Best regards, Pavlo. |
|||
#2327 | duplicate | Adding cross-domain configuration in HTTP2 is invalid | ||
Description |
Invalid configuration as follows: server { listen 8080 http2; server_name localhost; location / { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Headers' 'keep-alive,user-agent,cache-control,content-type,x-user-agent,x-grpc-web,grpc-timeout,device-tag'; if ($request_method = 'OPTIONS') { return 204; } grpc_pass grpc://192.168.0.12:31201; } } After debugging, the add_header command in http1.1 takes effect. After http2 is added, the add_header command becomes invalid |