Bug 51842 - Suggesting a new action for the Header directive: default
Summary: Suggesting a new action for the Header directive: default
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_headers (show other bugs)
Version: 2.2-HEAD
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-18 08:33 UTC by Francois Marier
Modified: 2015-10-03 02:21 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Francois Marier 2011-09-18 08:33:49 UTC
To complement the existing "edit" action which will apply a regexp to an existing header, it would be great to have an action which would set a header if one doesn't already exist. It would be a cross between merge/append and set.

Possible names for that action: default, ensure, setifempty, setifmissing

Here is the use case I have in mind for it:

- external application (e.g. using mod_wsgi) usually does not set the X-Content-Security-Policy header
- mod_headers sets that header to a very strict value that works for most pages in the application
- the application decides to provide its own X-Content-Security-Policy header for those pages where the settings need to be relaxed
- mod_headers doesn't do anything if it sees an X-Content-Security-Policy header from the application

( Use case explained in more details at http://feeding.cloud.geek.nz/2011/09/adding-x-content-security-policy.html )
Comment 1 Kevin Locke 2015-10-03 02:21:33 UTC
Unless I am mistaken, this was fixed in httpd 2.4.7 with the introduction of setifempty.

Please excuse my preventiveness if marking this bug as RESOLVED/FIXED is inappropriate.