Forums » Support »
HTTP Header errors for 1.4.56
Added by maxentry over 3 years ago
Hi - I am preparing to deploy 1.4.56 into production but I am getting errors from both Chrome and Edge Chromium relating to the setting of http headers, e.g
Access to XMLHttpRequest at 'https://somesite' from origin 'https://othersite' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The header is seton my page though
!
!
If the response headers from lighttpd contain access-control-allow-origin: *, which you have set, then what else do you expect lighttpd to be doing that lighttpd is not doing?
Please carefully read How to Get Support
I actually suspected that the cause may have been the lower case (though that does not seem to affect the content-type and encoding etc)
I actually suspected that the cause may have been the lower case (though that does not seem to affect the content-type and encoding etc)
No. Header fields are case-insensitive in the HTTP specification.
As in https://redmine.lighttpd.net/boards/2/topics/9498, you changed too many things and caused your own mess.
I should note that lighttpd 1.4.56 has not been officially released yet. Debian testing contains 1.4.56~rc7 (release candidate 7)
Given the abilities that you have demonstrated thus far, I strongly recommend that you not deploy your "new" configuration to production.
gstrauss wrote in RE: HTTP Header errors for 1.4.56:
Given the abilities that you have demonstrated thus far, I strongly recommend that you not deploy your "new" configuration to production.
OK
More generally: I do not recommend putting a release candidate from an upstream provider into production for whatever is production for your site.
lighttpd 1.4.56~rc7 is a release candidate. There have been bug fixes committed since lighttpd 1.4.56~rc7.