[Solved] No setenv.add-response-header lines when http status code is 404
Added by atw717 about 1 year ago
Hi,
I have the following lines in my lighttpd.conf:
$HTTP["url"] =~ "\.xml$" { setenv.add-response-header = ( "Cache-Control" => "private, no-cache , no-store, must-revalidate,post-check=0, pre-check=0", "Access-Control-Allow-Origin" => "*" ) } setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
On a normal request that returns a http code 200, I see these headers but if the requested file doesn't exist and I get a http code 404, I don't see the 'Access-Control-Allow-Origin' response header. I traced this to the following line in src/response.c:
if (r->conf.range_requests && http_range_rfc7233(r) >= 400)
http_response_static_errdoc(r); /* 416 Range Not Satisfiable */
I'm not doing any range requests, so the above code shouldn't be modifying the response. Shouldn't we be checking if the http status code is not >=400 before calling http_range_rfc7233?
Is this something that needs to be fixed in code or do I need to make any changes to my lighttpd config file?
Replies (4)
RE: No setenv.add-response-header lines when http status code is 404 - Added by gstrauss about 1 year ago
http_range_rfc7233(r)
returns quickly without doing anything if the http_status != 200.
I took a quick glance at the code. Potentially running http_response_static_errdoc(r)
a second time seems like something to be avoided, so your suggestion to test http_status before calling http_range_rfc7233(r)
seems like a good one.
RE: No setenv.add-response-header lines when http status code is 404 - Added by gstrauss about 1 year ago
Thanks for your suggestion.
I have a patch on my development branch to check that http_status == 200
before calling http_range_rfc7233(r)
Until that is released, you have the option of disabling Range requests in your lighttpd.conf as a workaround. server.range-requests = "disable"
RE: [Solved] No setenv.add-response-header lines when http status code is 404 - Added by atw717 about 1 year ago
Thanks for the quick reply and the workaround. If I don't want to disable range-requests, the only option would be to patch the source, right?