Caddy: Header overwrite function appends 'x-powered-by' instead of overwrite
1. What version of Caddy are you using (caddy -version)?
0.10.6
2. What are you trying to do?
Overwrite headers
3. What is your entire Caddyfile?
fastcgi / unix:/run/php-fpm/php-fpm.sock php
rewrite {
to {path} {path}/ /index.php?{query}
}
header / {
x-powered-by "PHP"
}
4. How did you run Caddy (give the full command and describe the execution environment)?
systemd
5. Please paste any relevant HTTP request(s) here.
curl --head
6. What did you expect to see?
HTTP/2 200
cache-control: no-cache, private
content-type: text/html; charset=UTF-8
date: Wed, 16 Aug 2017 12:41:38 GMT
server: Caddy
x-powered-by: PHP
7. What did you see instead (give full error messages and/or log)?
HTTP/2 200
cache-control: no-cache, private
content-type: text/html; charset=UTF-8
date: Wed, 16 Aug 2017 12:41:38 GMT
server: Caddy
x-powered-by: PHP
x-powered-by: PHP/7.1.8
8. How can someone who is starting from scratch reproduce the bug as minimally as possible?
As per https://caddyserver.com/docs/header the behaviour currently seen should seen when using +name.
watermelonjuice
All 7 comments
I can reproduce this, but it seems to be specifically related to X-Powered-By.
as I have tried with other headers such as Server and it is overwritten as expected.
with this caddyfile
biochar.kinchik.ie:80 {
root D:\Development\websites\test\radishjam
fastcgi / localhost:40149 php
header / x-powered-by "PHP"
header / SERVER "unknown"
startup d:\php7\php-cgi.exe -b 40149 &
}
x-powered-by is duplicated whereas SERVER is replaced.
Content-Length:10
Content-Type:text/html; charset=UTF-8
Date:Wed, 16 Aug 2017 14:18:31 GMT
Server:unknown
X-Powered-By:PHP
X-Powered-By:PHP/7.0.11
tobya
on 16 Aug 2017
The issue is on this line in fastcgi
func writeHeader(w http.ResponseWriter, r *http.Response) {
for key, vals := range r.Header {
for _, val := range vals {
w.Header().Add(key, val)
}
}
w.WriteHeader(r.StatusCode)
}
The header is added with the add() method rather than Set(). This would be easy to fix. I can submit a PR
@mholt is there any reason that we would cause issue if fastcgi overwrote headers rather than adding?
tobya
on 16 Aug 2017
Actually the issue is that the Response header is set before the fastcgi header. I'll investigate a bit more
tobya
on 16 Aug 2017
Never quite as straightforward as they seem.
I tried just replacing Add() with Set() but now fastcgi still executes after header so the fastcgi header overwrites the one set by the header directive.
I have tried moving the fastcgi and header directives up and down the list in plugin.go to no avail. The header directive seems to execute first and then they get overridden.
I'll keep looking.
tobya
on 16 Aug 2017
As the headers are coming from different places (php-fpm) and Caddy, the simplest 'solution', in terms of achieving what @watermelonjuice wants to achieve is:
Stop php adding its php header, then have caddy add the php header that you want.
So, in php.ini, look for expose_php = On and set to Off
And in Caddy, do as you have done:
header / {
x-powered-by "PHP"
}
And that way you'll get x-powered-by "PHP" instead of x-powered-by "PHP/7xxx".
Not exactly a fix, but a solution to work around the way things are processed.
omz13
on 14 Sep 2017
I wonder might #1937 allow this to be fixed?
tobya
on 8 Nov 2017
This should be resolved in Caddy 2, since we've restructured the middleware chains and header handling.
mholt
on 10 Jun 2019
Related issues
aeroxy
路
3Comments
whs
路
3Comments
treviser
路
3Comments
kilpatty
路
3Comments
klaasel
路
3Comments
Most helpful comment
Never quite as straightforward as they seem.
I tried just replacing Add() with Set() but now fastcgi still executes after header so the fastcgi header overwrites the one set by the header directive.
I have tried moving the fastcgi and header directives up and down the list in plugin.go to no avail. The header directive seems to execute first and then they get overridden.
I'll keep looking.