Opened 4 years ago

Closed 4 years ago

#1221 closed defect (invalid)

add_header conflict

Reported by: privacyisright@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.6.x
Keywords: Cc:
uname -a: Debian Jessie 3.16.39-1+deb8u2 i686
nginx -V: nginx version: nginx/1.6.2
(**Latest** stable version from Debian APT)

Description

http{
...
add_header X-Frame-Options "deny";
add_header Last-Modified "XXX";
...
}
server{
listen 80;
...
}
server{
listen 443 ssl;
...
add_header Strict-Transport-Security "something";
}


Actual Result:
HTTP Website see 2 add_headers(OK).
HTTPS Website see only one header(Strict-Transport-Security, not OK).

Expected Result:
HTTPS Website should shoe 3 headers; 2 from http global definition,
and 1 from server block.

Change History (1)

comment:1 by Maxim Dounin, 4 years ago

Resolution: invalid
Status: newclosed

This is expected behaviour, quoting docs:

There could be several add_header directives. These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level.

If you want nginx to return all the 3 headers in a particular server, you should explicitly write all three add_headers directives in the server block in question.

Note: See TracTickets for help on using tickets.