Opened 7 years ago
Closed 7 years ago
#1324 closed defect (invalid)
add_header always doesn't work when sending HTTP response 451
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | other | Version: | 1.10.x |
Keywords: | Cc: | ||
uname -a: | Linux che 4.9.0-3-amd64 #1 SMP Debian 4.9.25-1 (2017-05-02) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0d 26 Jan 2017 (running with OpenSSL 1.1.0f 25 May 2017) TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-F3HeH5/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-F3HeH5/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-F3HeH5/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-F3HeH5/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-F3HeH5/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-F3HeH5/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module |
Description
I'm running nginx 1.10.3 on debian stable. I have the following config:
location /http451-example/dangerous.html { error_page 451 /http451-example/blocked-body.html; add_header Link "<https://spqr.example.org/legislatione>; rel=blocked-by" always; return 451; }
however, the Link
header doesn't appear in the HTTP response.
Additionally, i don't see any way to provide a description associated with the numeric response code. I would normally want to see something like HTTP/1.1 451 Unavailable for Legal Reasons.
This can be tested with:
0 dkg@alice:~$ wget -S -O/dev/null https://dkg.fifthhorseman.net/http451-example/dangerous.html --2017-07-15 17:17:01-- https://dkg.fifthhorseman.net/http451-example/dangerous.html Resolving dkg.fifthhorseman.net (dkg.fifthhorseman.net)... 162.247.75.118 Connecting to dkg.fifthhorseman.net (dkg.fifthhorseman.net)|162.247.75.118|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 451 Server: nginx/1.10.3 Date: Sat, 15 Jul 2017 15:17:01 GMT Content-Type: text/html Content-Length: 190 Connection: keep-alive ETag: "596a275f-be" 2017-07-15 17:17:02 ERROR 451: (no description). 8 dkg@alice:~$
https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header says:
Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308. The value can contain variables. There could be several add_header directives. These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level. If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.
So i think the "always" should trigger header inclusion.
Change History (2)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
The add_header
directive have to be used in the location where the response is actually returned. In the provided configuration snippet, however, it is used in the location /http451-example/dangerous.html
where an error is generated using the return
directive, and then the request is redirected to /http451-example/blocked-body.html
using the error_page
directive. As such, the add_header
in the provided configuration will never work.
To make things work, the configuration have to be changed to use the add_header
in the location where the request is redirected using error_page
, for example:
location /http451-example/dangerous.html { error_page 451 /http451-example/blocked-body.html; return 451; } location /http451-example/blocked-body.html { add_header Link "..." always; }
451 http status (https://trac.nginx.org/nginx/browser/nginx/src/http/ngx_http_request.h) and error page (https://trac.nginx.org/nginx/browser/nginx/src/http/ngx_http_special_response.c) must be introduced first in order to get default message for 451 status code page