#3 Server response headers not sent to client

Magnus Hyllander

(I know, I just saw that this has been reported before
and that you already have fixed this in CVS. But I
thought I'd submit my patch anyway since my solution
was a little bit different.)

Client headers are filtered before being sent to the
server. The CONNECTION_HFILTERED flag is set in
connection->flags. Server response headers are not
filtered, but when sending them to the client
CONNECTION_HFILTERED is still set in connection-
>flags; the end result is that no headers are sent to the
client. E.g. not "Set-Cookie", which breaks some sites.

My solution to this was to move the FILTERED flag into
the HEADER struct instead, and I also added filtering of
the server response headers. I updated the XML config
file and web interface to allow choosing if a header list
entry applies to the client headers and/or the server


  • Fix for server header filtering. Unified diff applying to Middleman 1.9.

    • status: open --> closed
  • Logged In: YES

    Thanks.. This is much better than my approach. Applied.

  • Logged In: YES

    Glad to be of help. You might want to check that my
    placement of the header_filter call for the server response
    headers is good. I wasn't too sure of where in protocol_http I
    should put that.
    Another thought I had after submiting the patch was that
    maybe you would like to have separate allow/deny policies for
    the client header filtering and the server header filtering.
    Because typically I think you would like to be more restrictive
    on the client headers (using a deny policy and listing the
    allowed headers) than on the server headers (using an allow
    policy and listing the denied headers).