Comments (9)
Yes, and now I see why:
Fetch all HTTP request headers
The HTTP Security Headers are response headers ;)
I agree we should mention it in the docs (will add a note to the 4.x doc page as well), but I would not include special tooling. For that you should use the browser console, and this is the only source of truth, right? Do you agree?
from plg_system_httpheader.
Done: https://docs.joomla.org/J4.x:Http_Header_Management#Notes
from plg_system_httpheader.
Hmm, agreed, but I don't see where I can do much about it inside Joomla or a plugin. Will merge the PR to add it to the docs, thanks.
from plg_system_httpheader.
Maybe it would be possible to build in a check in the back-end of the plugin to display the headers?
https://www.php.net/manual/en/function.getallheaders.php
It might be a bit over-engineering though, as it's a one-time-only configuration and you could check them via your browser. So putting something in the documentation is enough.
from plg_system_httpheader.
Hmm, it seems this is not there for nginx? Can you check whether this is the case? The idea is also to keep this here in sync with the core plugin.
Checking the header in the browser should do the trick. We might be able to add something to the debug plugin, but that feels like we would just be trying to reinvent the browser console in Joomla.
from plg_system_httpheader.
I suppose that it's just the general browser head, not Apache only. But I could be wrong.
Keeping the J3 version in sync with J4 is another argument to just mention the possible double header issue in the documentation. :-)
from plg_system_httpheader.
This function is an alias for apache_request_headers().
Can you try whether that function fails on nginx hosts?
from plg_system_httpheader.
Yes. In a Joomla site on an Nginx server I added the following to the template:

```php
foreach (getallheaders() as $name => $value) {
    echo "$name: $value\n<br>";
}
```

and its output:

```
Cookie: [removed]
Accept-Language: en,nl-NL;q=0.9,nl;q=0.8,en-GB;q=0.7,en-US;q=0.6
Accept-Encoding: gzip, deflate, br
Referer: [removed]
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Dnt: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[removed] Safari/[removed]
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Host: [removed]
Content-Length:
Content-Type:
```

So, even on Nginx `getallheaders()` works (also `apache_request_headers()` works!).
Apparently it does not display any of the HTTP Security Headers.
from plg_system_httpheader.
Yes, I fully agree
from plg_system_httpheader.
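
An added example, not code from this thread or from the plugin: since `getallheaders()` only returns request headers, a check has to look at the response as a client receives it. The function below audits response header lines in the list form PHP's `get_headers()` returns, reporting missing security headers and the "double header" case; the sample lines and the list of headers to audit are constructed assumptions.

```php
<?php
// Constructed sample: response header lines in the list form returned by
// get_headers($url) (status line first, then one "Name: value" per entry).
$sampleResponse = [
    'HTTP/1.1 200 OK',
    'Content-Type: text/html; charset=utf-8',
    'X-Frame-Options: SAMEORIGIN',
    'X-Frame-Options: DENY',              // constructed duplicate ("double header")
    'X-Content-Type-Options: nosniff',
    'Referrer-Policy: no-referrer-when-downgrade',
];

// Response headers to audit, lower-cased (an assumed list for this example).
const SECURITY_HEADERS = [
    'strict-transport-security', 'content-security-policy',
    'x-frame-options', 'x-content-type-options',
    'referrer-policy', 'permissions-policy',
];

/**
 * Collect the audited headers from raw response lines and report
 * which are sent more than once and which are absent.
 */
function auditSecurityHeaders(array $lines): array
{
    $seen = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or malformed entry
        }
        [$name, $value] = explode(':', $line, 2);
        $name = strtolower(trim($name)); // header names are case-insensitive
        if (in_array($name, SECURITY_HEADERS, true)) {
            $seen[$name][] = trim($value);
        }
    }
    $duplicated = array_filter($seen, fn($values) => count($values) > 1);
    $missing = array_values(array_diff(SECURITY_HEADERS, array_keys($seen)));
    return ['duplicated' => $duplicated, 'missing' => $missing];
}

$report = auditSecurityHeaders($sampleResponse);
foreach ($report['duplicated'] as $name => $values) {
    echo "duplicate {$name}: " . implode(' | ', $values) . PHP_EOL;
}
echo 'missing: ' . implode(', ', $report['missing']) . PHP_EOL;
```

Against a live site, the same function can be fed the array returned by `get_headers()` for the page URL instead of the constructed sample.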