nginx add_header not applied to some server contexts

huangapple
go评论48阅读模式
英文:

nginx add_header not applied to some server contexts

问题

我在nginx.conf文件的主http上有几个add_header指令,比如:

add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";

serverlocation上没有其他类似的指令。出于某种原因,这个头部不会应用到server上下文中。例如,像这样的:

server {
    server_name my.example.com;
    location / {
        proxy_pass http://192.168.1.1:12345;
    }

    location /robots.txt {
        return 200 "User-agent: *\nDisallow: /\n";
    }

    client_max_body_size 300M;

    listen 443 ssl; # 由Certbot管理
    ssl_certificate fullchain.pem; # 由Certbot管理
    ssl_certificate_key privkey.pem; # 由Certbot管理
    include options-ssl-nginx.conf; # 由Certbot管理
    ssl_dhparam ssl-dhparams.pem; # 由Certbot管理
}

这可能是什么原因造成的?

编辑:nginx版本为1.23.3。

/etc/letsencrypt/中的options-ssl-nginx.conf文件内容如下:

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
# + 一行ssl_ciphers
英文:

I have several add_header directives in my main http context of the nginx.conf file, such as:

add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";

There no other such directives in server and location contexts. For some reason, the header is not applied to server contexts. For example, this one:

server {
        server_name my.example.com;
        location / {
            proxy_pass http://192.168.1.1:12345;
        }

        location /robots.txt {
            return 200 "User-agent: *\nDisallow: /\n";
        }

        client_max_body_size 300M;
    
        listen 443 ssl; # managed by Certbot
        ssl_certificate fullchain.pem; # managed by Certbot
        ssl_certificate_key privkey.pem; # managed by Certbot
        include options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam ssl-dhparams.pem; # managed by Certbot
    }

What could be causing this?

EDIT: nginx version is 1.23.3.

The file options-ssl-nginx.conf in /etc/letsencrypt/ has:

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
# + one line of ssl_ciphers


</details>


# 答案1
**得分**: 1

如注释中所解释的,向`add_header`指令添加`always`参数可以使标头适用于所有类型的HTTP响应(包括错误),详情请参阅文档:http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

<details>
<summary>英文:</summary>

As explained in comment, adding the `always` parameter to the `add_header` directive allows the header to be added for all kind of HTTP responses (errors included), see the doc for more details: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

</details>

huangapple
  • 本文由 发表于 2023年2月6日 18:02:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/75359835.html
  • http
  • nginx
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定