#3 Server response headers not sent to client

closed
nobody
None
5
2003-10-26
2003-10-20
No

(I know, I just saw that this has been reported before
and that you already have fixed this in CVS. But I
thought I'd submit my patch anyway since my solution
was a little bit different.)

Client headers are filtered before being sent to the
server. The CONNECTION_HFILTERED flag is set in
connection->flags. Server response headers are not
filtered, but when sending them to the client
CONNECTION_HFILTERED is still set in connection->flags;
the end result is that no headers are sent to the
client. E.g. not "Set-Cookie", which breaks some sites.

My solution to this was to move the FILTERED flag into
the HEADER struct instead, and I also added filtering of
the server response headers. I updated the XML config
file and web interface to allow choosing if a header list
entry applies to the client headers and/or the server
headers.

Discussion

  • Magnus Hyllander

    Fix for server header filtering. Unified diff applying to Middleman 1.9.

     
  • jason mclaughlin

    • status: open --> closed
     
  • jason mclaughlin

    Thanks.. This is much better than my approach. Applied.

     
  • Magnus Hyllander

    Glad to be of help. You might want to check that my
    placement of the header_filter call for the server response
    headers is good. I wasn't too sure of where in protocol_http I
    should put that.
    Another thought I had after submitting the patch was that
    maybe you would like to have separate allow/deny policies for
    the client header filtering and the server header filtering.
    Because typically I think you would like to be more restrictive
    on the client headers (using a deny policy and listing the
    allowed headers) than on the server headers (using an allow
    policy and listing the denied headers).
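
Added example, not part of the ticket or of Middleman's code: a sketch of the per-header filtered flag from the report, combined with the separate client and server policies suggested in the last comment. The struct layouts, `filter_headers`, the list entries and the sample headers are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

enum { DIR_CLIENT = 1, DIR_SERVER = 2 };     /* which header set a list entry covers */
enum policy { POLICY_ALLOW, POLICY_DENY };   /* what happens to unlisted headers */

struct header { const char *name; int filtered; };  /* flag lives on the header */
struct entry  { const char *name; int applies; };   /* applies: DIR_* bitmask */

/* Header names are case-insensitive, so compare them that way. */
static int same_name(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Hypothetical per-direction filter: a listed header gets the opposite of the
   default policy. Returns the number of headers that will be forwarded. */
static int filter_headers(struct header *h, size_t n, const struct entry *list,
                          size_t nlist, int dir, enum policy def)
{
    int forwarded = 0;
    for (size_t i = 0; i < n; i++) {
        int listed = 0;
        for (size_t j = 0; j < nlist; j++)
            if ((list[j].applies & dir) && same_name(list[j].name, h[i].name))
                listed = 1;
        h[i].filtered = (def == POLICY_DENY) ? !listed : listed;
        forwarded += !h[i].filtered;
    }
    return forwarded;
}

/* Constructed sample: client entries act as an allow-list, server entries as a deny-list. */
static const struct entry LIST[] = {
    {"Host", DIR_CLIENT}, {"Accept", DIR_CLIENT},
    {"Server", DIR_SERVER}, {"X-Powered-By", DIR_SERVER},
};
static struct header request[]  = {{"host", 0}, {"User-Agent", 0}, {"Accept", 0}};
static struct header response[] = {{"Server", 0}, {"Set-Cookie", 0}, {"Content-Type", 0}};

static int run_request(void)  { return filter_headers(request, 3, LIST, 4, DIR_CLIENT, POLICY_DENY); }
static int run_response(void) { return filter_headers(response, 3, LIST, 4, DIR_SERVER, POLICY_ALLOW); }

int main(void)
{
    printf("request headers forwarded: %d\n", run_request());
    printf("response headers forwarded: %d\n", run_response());
    printf("Set-Cookie filtered: %d\n", response[1].filtered);
    return 0;
}
```

Because the flag is stored per header, the restrictive pass over the request cannot suppress the response: `Set-Cookie` is evaluated only against the server-side entries.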

     
