Home Explore Help
Sign In
SMusatov
/
gixy
mirror of https://github.com/yandex/gixy.git
1
0
Fork 0
Files
Branch: fix-63
Branches Tags
gixy
/
docs
/
en
/
plugins
/
addheadermultiline.md

addheadermultiline.md 873 B
Permalink History Raw

[add_header_multiline] Multiline response headers

You should avoid using multiline response headers, because:

  • they are deprecated (see RFC 7230);
  • some HTTP-clients and web browser never supported them (e.g. IE/Edge/Nginx).

How can I find it?

Misconfiguration example:

# http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
add_header Content-Security-Policy "
    default-src: 'none';
    script-src data: https://yastatic.net;
    style-src data: https://yastatic.net;
    img-src data: https://yastatic.net;
    font-src data: https://yastatic.net;";

# https://www.nginx.com/resources/wiki/modules/headers_more/
more_set_headers -t 'text/html text/plain'
    'X-Foo: Bar
        multiline';

What can I do?

The only solution is to never use multiline response headers.