Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
0
votes
0 answers

Browser not sending username with request in HTTP headers

I'm facing an issue where the browser is not sending the username with the request headers in my web application. I've tried using Google chrome and Edge for testing purposes. I have observed this problem specifically with the following…
logeeks
  • 119
  • 2
0
votes
1 answer

CORS access-control headers not visible in the response headers section of Chrome inspector

Using https://cors-test.codehappy.dev/ to test our test server's new CORS policy, we receive: These are the response headers received when making the request: access-control-allow-credentials: true access-control-allow-methods: GET, POST, DELETE,…
Steve
  • 365
  • 2
  • 7
  • 18
0
votes
1 answer

Caddyfile header directive unable to override file_server ETag

Invoking caddy run against the Caddyfile: http://localhost header ETag forcedValue file_server I expect curl -v http://localhost/Caddyfile to show a response with the ETag forcedValue. Instead, a generated tag based on the Caddyfile's mtime and…
Charles Duffy
  • 946
  • 2
  • 10
  • 19
0
votes
0 answers

Apache Server Config Set Headers Conditionally

I am trying to set cache age for 200 responses and no cache for rest of the calls. I tried below config, which works fine when 200 OK response comes up and I can see max-age=800 in headers But for other responses like 400 etc. I am not able to see…
Vivek Dhiman
  • 101
  • 1
0
votes
0 answers

Content-Security-Policy frame-ancestors not working

I'm running an OpenLiteSpeed server and would like to only allow webpages that start with a specific url on my site (e.g. https://example.com/video/**) to be iframed by others. (I want to allow anyone to add an iframe to their site, but they can…
harvey
  • 101
  • 2
0
votes
0 answers

Apache htaccess denying requests for iOS connections when proper headers are passed

In my the directory for my api, my htaccess file has the following lines: Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" Header always set Access-Control-Allow-Headers "Pragma,…
rolinger
  • 103
  • 2
0
votes
1 answer

Writing a RewriteRule based on X-Forwarded-Host

I have an Apache webserver behind a load balancer which proxies request to Apache and have problem regarding configuring directories. Here is my scenario: Upper Load Balancer proxies request to Apache with adding original Hostname in…
Ageniz Shop
  • 3
  • 2
0
votes
0 answers

Built header value not working

I am building an Authorization header before forwarding the request to the proper service. The token is being passed to Nginx as a query string parameter named custom. Here is the thing: set $auth_header 'Bearer $arg_custom'; proxy_set_header…
Felix Batista
  • 1
  • 1
0
votes
1 answer

Apache include value of %{TIME_YEAR} variable in an HTTP response header

I'm trying to do something like the following: Header always set Attention "you are using still using IPV4 in %{TIME_YEAR}, please blahblah etc" (please withhold commentary regarding the viability of communicating…
Displayname71
  • 109
  • 1
  • 7
0
votes
0 answers

How to set Access-Control-Allow-Origin for multiple origin domains with Tomcat?

An answer on SO to the same nice - and following guidelines - question but for Apache, how to set Access-Control-Allow-Origin entry header for multiple origin domains deals with .htaccess, checking from a list of allowed origins and returning the…
Amessihel
  • 113
  • 8
0
votes
1 answer

Apache sends corrupted header

I have configured a basic virtual host just to be able to list a specific directory on the server. For the local files it’s working perfectly, but one of the folder listed at the root is a symlink to a folder outside DocumentRoot. The listing of the…
gregseth
  • 193
  • 2
  • 8
0
votes
0 answers

Setting "Content-Security-Policy default-src https:" breaks site

I need to set the Content-Security-Policy header to allow loading scripts from any HTTPS source. When I add the following line to my nginx configuration, the look and feel of the site breaks. What am I missing? add_header Content-Security-Policy…
electrophile
  • 111
  • 3
0
votes
2 answers

Apache: I cannot set full cache header for text/html using htaccess

I had a similar problem where I couldn't set the full cache header for JS and CSS files in my htaccess file, and it turned out I couldn't because the cache expiry was being set on the server and I had to add AllowOverride all in the vhost container…
228
  • 1
  • 1
0
votes
1 answer

Apache2.4 SetEnv to value of request header

I want to set the value of env with a request header. SetEnv X_THING %{req:thing} but it's not working as planned; it looks like the value of SetEnv isn't being evaluated.
Konchog
  • 101
  • 2
0
votes
0 answers

Nginx won't serve images with proper headers (example + conf provided)

Here is an example of an image that is being served incorrectly : https://www.questionhosting.com/product/temp.jpg here is my config server { listen 80; listen 443 ssl; listen [::]:80 default ipv6only=on; listen [::]:443 ssl…
hendr1x
  • 101
  • 3
1 2 3
41 42