Comments (7)
Thanks for the feedback.
Inclusion at the global level would be appropriate.
Yep, it makes sense to apply some of the options in the action
object into the http
object.
Compared to nginx configuration. The settings/http
is similar to the http main context, and the action
is similar to the location context. So we need to introduce always
into the response_headers
to make each action able to control the status scope.
The configuration would look like:
{
"settings": {
"http": {
"server_version": false,
"response_headers_always": true
}
},
"routes": [
{
"action": {
"response_headers": {
"always": true,
"Access-Control-Allow-Origin": "${header_origin}",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Methods": "GET, POST, OPTIONS, PUT, DELETE",
"Access-Control-Allow-Headers": "Accept, Authorization, Content-Type"
}
}
}
]
}
request_header for 4xx and 5xx codes
"response_headers for 4xx and 5xx codes"
Btw, we are discussing the response_headers? If yes, feel free to change the issue title.
from unit.
Hi,
Unit hasn't supported the always
option in the latest version. Actually, we thought about it. We also consider supporting it with njs.
Btw, what's your configuration about the response_headers
option?
I wonder if your requirement is only to add always
to work with all the response status? Or there is a more complicated logic?
from unit.
I wonder if your requirement is only to add always to work with all the response status? Or there is a more complicated logic?
There is no complicated logic.
{
"routes": [
{
"match":{
"method": "GET"
},
"action": {
"response_headers": {
"Access-Control-Allow-Origin": "${header_origin}",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Methods": "GET, POST, OPTIONS, PUT, DELETE",
"Access-Control-Allow-Headers": "Accept, Authorization, Content-Type"
}
}
}
]
}
Inclusion at the global level would be appropriate.
{
"settings": {
"http": {
"server_version": false,
"response_headers_always": true
}
}
}
from unit.
Thanks for the feedback.
Inclusion at the global level would be appropriate.
Yep, it makes sense to apply some of the options in the
action
object into thehttp
object. Compared to nginx configuration. Thesettings/http
is similar to the http main context, and theaction
is similar to the location context. So we need to introducealways
into theresponse_headers
to make each action able to control the status scope.
if this is the case, whats the global
configuration dooing? Setting response_headers_always
true
would turn it on for all response header actions? And off
would turn if off
which is the default until somebody turnes it to on
on the action
level?
The configuration would look like:
{ "settings": { "http": { "server_version": false, "response_headers_always": true } }, "routes": [ { "action": { "response_headers": { "always": true, "Access-Control-Allow-Origin": "${header_origin}", "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Methods": "GET, POST, OPTIONS, PUT, DELETE", "Access-Control-Allow-Headers": "Accept, Authorization, Content-Type" } } } ] }
request_header for 4xx and 5xx codes
"response_headers for 4xx and 5xx codes" Btw, we are discussing the response_headers? If yes, feel free to change the issue title.
I think we are good at the action
level for now as dealing with the global settings sounds like a little bit to overkill to me. We would need to write a good amount of documentation to let users know when to use what settings. Let's start with the on-action basis. We have to discuss whats the effort of this change and if it fits well into one of the next releases.
from unit.
Thanks for the feedback.
Inclusion at the global level would be appropriate.
Yep, it makes sense to apply some of the options in the
action
object into thehttp
object. Compared to nginx configuration. Thesettings/http
is similar to the http main context, and theaction
is similar to the location context. So we need to introducealways
into theresponse_headers
to make each action able to control the status scope.if this is the case, whats the
global
configuration dooing? Settingresponse_headers_always
true
would turn it on for all response header actions? Andoff
would turn ifoff
which is the default until somebody turnes it toon
on theaction
level?The configuration would look like:
{ "settings": { "http": { "server_version": false, "response_headers_always": true } }, "routes": [ { "action": { "response_headers": { "always": true, "Access-Control-Allow-Origin": "${header_origin}", "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Methods": "GET, POST, OPTIONS, PUT, DELETE", "Access-Control-Allow-Headers": "Accept, Authorization, Content-Type" } } } ] }
request_header for 4xx and 5xx codes
"response_headers for 4xx and 5xx codes" Btw, we are discussing the response_headers? If yes, feel free to change the issue title.
I think we are good at the
action
level for now as dealing with the global settings sounds like a little bit to overkill to me. We would need to write a good amount of documentation to let users know when to use what settings. Let's start with the on-action basis. We have to discuss whats the effort of this change and if it fits well into one of the next releases.
I thought it was easier to do it on a global level.
"response_headers_always": true
- better than nothing.
But "always": true
is certainly more correct and flexible.
from unit.
I have just looked into our internal documentation (Which I will move to Github - as there is no reason keeping the discussion about the way we want to work with response headers in the private).
Always sending all response headers are not a good idea. For example Cache-Control
Headers should not be send if the HTTP-Status of the response is 404
.
I think the best solution is to introduce a more detailed response_header
object in the Unit configuration making it easier for you to define what Header should be sent with what HTTP-Status code. The rule should be:
If not defined differently, the HTTP-Header will only be sent on positive HTTP-Status Codes (2xx,3xx). Not for 4xx and 5xx.
If defined differently like
[
{
"action": {
"share": "/var/www$uri",
"response_headers": {
"Set-Cookie": {
"value": "returnee=true",
"status": [200, 404, "5xx"]
}
}
}
}
]
headers can be included in 5xx and 4xx messages. I would support BOTH way to configure headers
[
{
"action": {
"share": "/var/www$uri",
"response_headers": {
"X-Test-Header-Short": "Value-for-short",
"Set-Cookie": {
"value": "returnee=true",
"status": [200, 404, "5xx"]
}
}
}
}
]
@hongzhidao what do you think? I will move this into a discussion thread to have the function requirements about response headers in Unit in a new thread.
from unit.
I'd like to ask @AlekseyArh if the suggestion meets your requirements.
@tippexs, what does your configuration look like for @AlekseyArh example?
from unit.
Related Issues (20)
- Missing http.ServerResponse.flushHeaders function HOT 4
- Unit building PHP modules. Version confusion. HOT 7
- Unable to compile an nginx unit Golang application under Windows HOT 1
- Docker: Unable to build images for PHP 8.3.0RC6 using packages Makefile HOT 17
- PHP 8.3 official unit image HOT 7
- Add HTTP Range header support HOT 1
- Can Unit run NodeJS Nuxt applications? HOT 8
- Nginx unit daemon json logs HOT 3
- Best practice for handling concurrent jobs in a multi-instance Express app HOT 1
- python asgi stop response HOT 6
- Are Python WebSockets under SSL intended to work? HOT 10
- Support for request headers HOT 2
- Does ngix for windows support http_perl_module? HOT 2
- npm: unit-http: should we replace the https package as well?
- Nginx unit's analog for fpm max_children HOT 1
- how to add in image HOT 3
- compile unit with only needed language support
- Trailing slash rewrite - duplicated content SEO issue
- "error": "Failed to apply new configuration." - REG HOT 2
- questions around embedding `libunit` in Julia HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unit.