问题描述

我正在尝试为我的应用中的每个响应添加标头。

I'm trying to add HSTS headers to every response, across my app.

我的第一个想法是使用mod_headers —我将此指令放置在documentroot的.htaccess文件中：

My first thought was to use mod_headers — I placed this directive in an .htaccess file at the documentroot:

Header set Strict-Transport-Security "max-age=7776000"

这在使用Apache 2.2和mod_php的本地设置上正常运行。所有资源都会使用适当的HSTS标头进行响应。

This works fine on my local setup using Apache 2.2 and mod_php. All resources respond with the appropriate HSTS header.

我的部署环境使用Apache 2.2和mod_fastcgi，并且上述技术适用于任何资源 php文件

My deployment environment uses Apache 2.2 and mod_fastcgi and the above technique works for any resource except php files.

另一个SO 有一个类似的问题，其中传入的请求（？）的标头被剥离了-但我担心修改响应的标头离开服务器。

Another SO question had a similar problem, where incoming requests (?) had headers stripped — but I'm concerned about modifying headers of response leaving the server.

如何在.htaccess文件的上下文中向PHP资源添加响应标头？

How can I add response headers to php resources in the context of an .htaccess file?

推荐答案

根据针对mod_headers的文档您可能需要为标头指令设置可选的有条件的标志。

According to the docs for mod_headers you probably need to set the optional conditional flag for the header directive.

因此，在这种情况下，它将成为

So in this case, it would become

Header always set Strict-Transport-Security "max-age=7776000"

这篇关于在php-fpm / mod_fastcgi中使用mod_headers的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！