Project

General

Profile

Actions

Bug #2709

closed

setenv.add-response-header does not accumulate

Added by flynn over 9 years ago. Updated about 9 years ago.

Status:
Invalid
Priority:
Low
Category:
-
Target version:
-
ASK QUESTIONS IN Forums:

Description

If adding response headers more than once with += only the last configuration is respected.

Example:

setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=63072000; includeSubDomains" )

and later:

setenv.add-response-header += ( "X-Content-Type-Options" => "nosniff" )

only the last header is added, here "X-Content-Type-Options".

With alias.url the operator += works fine, so I expected this working here the same way.

My current workaround is:

setenv.add-response-header += (
"X-Content-Type-Options" => "nosniff",
"Strict-Transport-Security" => "max-age=63072000; includeSubDomains"
)

but then I have to repeat the Strict-Transport-Security header multiple times ...

Actions #1

Updated by flynn over 9 years ago

I recognized, that it does not happen on all my servers.

The described behaviour only happens, if the second statement of setenv.add-response-header
is inside a host-group:

$HTTP["host"] =~ .... {
  setenv.add-response-header += ( "X-Content-Type-Options" => "nosniff" ) 
}

The first setenv.add-response-header is not inside a host-group, so I expected it is global.

Bug or intended feature?

Actions #2

Updated by stbuehler over 9 years ago

  • Status changed from New to Invalid

It is the way the config works, += is evaluated as a preprocessing step. Try the -p option to see how lighttpd actually sees your config.

Actions

Also available in: Atom