问题描述
我正在尝试为我的应用中的每个响应添加标头。
I'm trying to add HSTS headers to every response, across my app.
我的第一个想法是使用mod_headers —我将此指令放置在documentroot的.htaccess文件中:
My first thought was to use mod_headers — I placed this directive in an .htaccess file at the documentroot:
Header set Strict-Transport-Security "max-age=7776000"
这在使用Apache 2.2和mod_php的本地设置上正常运行。所有资源都会使用适当的HSTS标头进行响应。
This works fine on my local setup using Apache 2.2 and mod_php. All resources respond with the appropriate HSTS header.
我的部署环境使用Apache 2.2和mod_fastcgi,并且上述技术适用于任何资源 php文件
My deployment environment uses Apache 2.2 and mod_fastcgi and the above technique works for any resource except php files.
另一个SO 有一个类似的问题,其中传入的请求(?)的标头被剥离了-但我担心修改响应的标头离开服务器。
Another SO question had a similar problem, where incoming requests (?) had headers stripped — but I'm concerned about modifying headers of response leaving the server.
如何在.htaccess文件的上下文中向PHP资源添加响应标头?
How can I add response headers to php resources in the context of an .htaccess file?
推荐答案
根据针对mod_headers的文档您可能需要为标头指令设置可选的有条件的
标志。
According to the docs for mod_headers you probably need to set the optional conditional
flag for the header directive.
因此,在这种情况下,它将成为
So in this case, it would become
Header always set Strict-Transport-Security "max-age=7776000"
这篇关于在php-fpm / mod_fastcgi中使用mod_headers的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!