38

I've seen people use excessive quotes:

add_header 'Access-Control-Allow-Origin' '*';

I've seen people use no quotes:

add_header Access-Control-Allow-Origin *;

Both work fine as far as I know, so when do you actually have to use quotes?

Pothi Kalimuthu
  • 6,117
  • 2
  • 26
  • 38
Oliver Salzburg
  • 4,635
  • 17
  • 55
  • 82

3 Answers3

40

The exact answer is "never". You can either quote or \-escape some special characters like " " or ";" in strings (characters that would make the meaning of a statement ambiguous), so 

add_header X-MyHeader "Test String;";

would work like

add_header X-MyHeader Test\ String\;;

In reality: Just use quotes :)

Edit: As some people love to nitpick: The not necessarily complete list of characters that can make a statement ambiguous is according to my understanding of the nginx config syntax: 

<space> " ' { } ; $ \

and it might be necessary to escape $ and \ even in quoted strings to avoid variable expansion.

Unfortunately, I can't find a complete and authoritative list of such characters in the docs.

Sven
  • 98,649
  • 14
  • 180
  • 226
  • 9
    It's not always about nitpicking. Configuration file might be generated by a third-party software. Which might be provided with a template and variables to be interpolated. The software can't be sure what the variables can contain, so ideally it should know how to quote any string. – x-yuri Jan 26 '19 at 14:16
  • 1
    e.g. `try_files $uri $uri/ /index.php$request_uri;` vs `try_files '$uri' '$uri/' '/index.php$request_uri';`. In the former, Nginx variables get expanded, in the latter - processed as plain string. `'/index.php'$request_uri;` might make sense, perhaps, too. Related: https://gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html – Artfaith Sep 12 '22 at 12:42
  • @Faither Wow, nice find. Seems like one should enclose strings in quotes for performance where possible. Strangely, real-world configs from nginx.com never (or rarely) seem to use quotes (even with `try_files`); always thought values are evaluated regardless of quotes as a result. Guess they consider the performance gain to be negligible? – Xen Oct 29 '22 at 21:00
  • 1
    After putting this to the test, it appears that variables enclosed in quotes continue to be expanded with other options where `$` would still need to be escaped explicitly if part of a string. Judging from this behaviour, it seems that there is probably no performance benefit to be had; strings **not** enclosed in quotes will still end up as strings in memory once processed. Seems that the only real benefit to using quotes is legibility and not having to escape spaces etc. – Xen Oct 29 '22 at 23:05
8

Quotes are required for values which are containing space(s) and/or some other special characters, otherwise nginx will not recognize them. In your current example quotes make no difference, but anyway quoting values is a good practice/rule of thumb

user1700494
  • 1,642
  • 2
  • 12
  • 21
  • 5
    What are the list of special characters. Is there documentation on this and how to escape them. I've seen both single and double quotes on the same lines... – Pork 'n' Bunny Sep 12 '17 at 15:23
2

One snippet from the documentation for 'if':

If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.

There is also mention of escaping the source (left-side match) values in a map:

If a source value matches one of the names of special parameters described below, it should be prefixed with the “\” symbol...

  • default value ...
  • hostnames ...
  • include file ...
  • volatile
Ed Randall
  • 168
  • 6