[Solved] No setenv.add-response-header lines when http status code is 404
Added by atw717 almost 3 years ago
Hi,
I have the following lines in my lighttpd.conf:
$HTTP["url"] =~ "\.xml$" {
setenv.add-response-header = (
"Cache-Control" => "private, no-cache , no-store, must-revalidate,post-check=0, pre-check=0",
"Access-Control-Allow-Origin" => "*"
)
}
setenv.add-response-header = (
"Access-Control-Allow-Origin" => "*"
)
On a normal request that returns a http code 200, I see these headers but if the requested file doesn't exist and I get a http code 404, I don't see the 'Access-Control-Allow-Origin' response header. I traced this to the following line in src/response.c:
if (r->conf.range_requests && http_range_rfc7233(r) >= 400)
http_response_static_errdoc(r); /* 416 Range Not Satisfiable */
I'm not doing any range requests, so the above code shouldn't be modifying the response. Shouldn't we be checking if the http status code is not >=400 before calling http_range_rfc7233?
Is this something that needs to be fixed in code or do I need to make any changes to my lighttpd config file?
Replies (4)
RE: No setenv.add-response-header lines when http status code is 404 - Added by gstrauss almost 3 years ago
http_range_rfc7233(r) returns quickly without doing anything if the http_status != 200.
I took a quick glance at the code. Potentially running http_response_static_errdoc(r) a second time seems like something to be avoided, so your suggestion to test http_status before calling http_range_rfc7233(r) seems like a good one.
RE: No setenv.add-response-header lines when http status code is 404 - Added by gstrauss almost 3 years ago
Thanks for your suggestion.
I have a patch on my development branch to check that http_status == 200 before calling http_range_rfc7233(r)
Until that is released, you have the option of disabling Range requests in your lighttpd.conf as a workaround. server.range-requests = "disable"
RE: [Solved] No setenv.add-response-header lines when http status code is 404 - Added by atw717 almost 3 years ago
Thanks for the quick reply and the workaround. If I don't want to disable range-requests, the only option would be to patch the source, right?