id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 2459 X-Accel-Redirect'ed response contains both upstreams Cache-Control headers, not only the last one Dmitrii Titarenko "Config: {{{ server { listen 80; server_name localhost; location / { proxy_pass http://127.0.0.1:8000/; } location /int/ { internal; proxy_pass http://127.0.0.1:8888/; } } }}} Run 2 upstreams, the first one is for an external location with X-Accel-Redirect: {{{ while true; do printf 'HTTP/1.1 200 OK\r\nX-Accel-Redirect:/int/\r\nCache-Control:no-cache,no-store\r\nContent-Length:0\r\n\r\n'; done | nc -vklp 8000 }}} And the second one is for an internal location: {{{ while true; do printf 'HTTP/1.1 200 OK\r\nContent-Type:text/plain\r\nCache-Control:private,max-age=123\r\nContent-Length:5\r\n\r\nHello'; done | nc -vklp 8888 }}} Run curl to the external location: {{{ $ curl -v 127.0.0.1 * Trying 127.0.0.1:80... * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > GET / HTTP/1.1 > Host: 127.0.0.1 > User-Agent: curl/7.81.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.23.3 < Date: Thu, 23 Feb 2023 18:09:40 GMT < Content-Type: text/plain < Content-Length: 5 < Connection: keep-alive < Cache-Control: no-cache,no-store <--- (!) < Cache-Control: private,max-age=123 <--- (!) < * Connection #0 to host localhost left intact }}} Both Cache-Control headers are present in the response. Expected: only the last one. Some web frameworks add 'Cache-Control:private' by default (sometimes without provided way to change this behaviour). In that case response contains complete duplicates." defect closed minor nginx-core 1.23.x invalid Linux usr-VirtualBox 5.15.0-46-generic #49-Ubuntu SMP Thu Aug 4 18:03:25 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.23.3 built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1) built with OpenSSL 3.0.2 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.23.3/debian/debuild-base/nginx-1.23.3=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'"