Opened 3 years ago
Closed 3 years ago
#2302 closed defect (invalid)
Adding `proxy_hide_header` to `location` context completely deactivates `proxy_hide_header` directives in `server` context
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.19.x |
| Keywords: | proxy_hide_header proxy_pass | Cc: | usenkovdmitry@… |
| uname -a: | Linux ef0f6e0ed935 5.11.0-44-generic #48~20.04.2-Ubuntu SMP Tue Dec 14 15:36:44 UTC 2021 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.21.4
built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1k 25 Mar 2021 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.21.4/debian/debuild-base/nginx-1.21.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' |
||
Description
This behavior was discovered first on 1.18.0 (Ubuntu 20.04) but can be reproduced with the latest docker container.
events {
worker_connections 1024;
}
http {
server {
listen 80;
proxy_http_version 1.1;
proxy_ssl_server_name on;
#doesn't work unless `proxy_hide_header` in location / is removed
proxy_hide_header Link;
location / {
proxy_pass https://www.nginx.com;
#works, but `proxy_hide_header` in `server` context stops working
proxy_hide_header X-Pingback;
}
}
}
sudo docker run -p 3000:80 -it -v /home/dmitry/nginx.conf:/etc/nginx/nginx.conf:ro nginx
curl localhost:3000/ -I
You'll see that Link header is passed to curl (even though proxy_hide_header Link; is there). Try to remove proxy_hide_header X-Pingback; from location, restart nginx and curl again. Link header will be hidden as it should.
Note:
See TracTickets
for help on using tickets.
Much like any directives in nginx configuration,
proxy_hide_headerdirectives are inherited from the previous configuration level only if there are noproxy_hide_headerdirectives defined on the current level. That is, the behaviour you observe is exactly as it should be: when you redefine headers to hide at the location level, the list of headers to hide is redefined, not extended.