I'm looking to add custom HTTP response headers to a Ruby on Rails app that is currently hosted on Heroku.
Asked
Active
Viewed 6.5k times
6 Answers
133
Use:
response.headers['HEADER NAME'] = 'HEADER VALUE'
either in a specific method or to a before_filter method of your application controller depending on whether you need this to be added in a specific or to all of your responses.
UPDATE for Rails 5 - February 24th, 2018
As noted by @BrentMatzelle in the comments, for Rails 5:
response.set_header('HEADER NAME', 'HEADER VALUE')
Lazarus Lazaridis
- 5,803
- 2
- 21
- 35
-
4Make sure that the value you set is a string, otherwise pow will give you strange errors – Avishai Sep 09 '15 at 21:30
-
1To add this to all actions in the controller use a `after_action`. – Hendrik Jul 19 '17 at 08:44
-
1This is not correct. You should not really access the response object. See instead: https://stackoverflow.com/a/44743475/1028679 and read the the comments! – rmcsharry May 16 '22 at 17:51
22
In Rails 3 or above, simply
headers['Header-Name'] = 'header value'
works in controllers. This is even the recommended way; according to the documentation,
Response is mostly a Ruby on Rails framework implementation detail, and should never be used directly in controllers. Controllers should use the methods defined in
ActionController::Baseinstead. For example, if you want to set the HTTP response’s content MIME type, then useActionController::Base#headersinstead ofResponse#headers.
Franklin Yu
- 8,920
- 6
- 43
- 57
-
3This is the most correct answer. Still most people ignore the documentation and use `response` object. – sekrett Feb 05 '21 at 07:08
-
1I don't understand the issue with using response, even the guides say "If you want to set custom headers for a response then response.headers is the place to do it." and headers are delegated from action controller to response. https://github.com/rails/rails/blob/v5.2.0/actionpack/lib/action_controller/metal.rb#L150 – fatfrog Nov 28 '21 at 21:42
-
1@fatfrog I think this is called [encapsulation](https://en.wikipedia.org/wiki/Encapsulation_(computer_programming)). Using the public interface is more robust, even if it simply delegates to a private interface; for example, in future the Rails team might want to add something in the `headers` method, which breaks you if you directly access the `response`. This is no new concept; in Java, many public `getFoo()` methods simply get you the private variable `this.foo`. – Franklin Yu Nov 29 '21 at 01:42
9
In rails 4, set the response headers in the application.rb or respective environment files. Once you done that, you can override the header value wherever you required in the controller. Refer this url for more details.
maniempire
- 791
- 11
- 12
5
If your headers are static, e.g. your own custom Server header, you can simply update config.action_dispatch.default_headers. The following example sets a custom Server header; add it to your config/application.rb or config/environments/...:
config.action_dispatch.default_headers["Server"] = "MyServer/#{config.version}"
(Assuming you set config.version earlier)
For more, see Rails Guides: Configuring Rails Applications: Configuring Action Dispatch:
config.action_dispatch.default_headersis a hash with HTTP headers that are set by default in each response.
This will be less work each request than running a controller callback.
NB: For more than one header use merge! to not remove existing essential XSS etc headers.
tantrix
- 1,248
- 12
- 14
4
In rails 4 works following:
class API::V1::BaseController
after_action :set_version_header
protected
def set_version_header
response.headers['X-ComanyName-Api-Version'] = 'V1'
end
end
Slava Zharkov
- 237
- 3
- 7