Skip to content

Commit f067515

Browse files
ton31337chewi
ton31337
authored and
chewi
committed
force to send x-* headers back to the client (browser)
1 parent af713c4 commit f067515

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

nginx/modsecurity/ngx_http_modsecurity.c

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@
7070

7171
typedef struct {
7272
ngx_flag_t enable;
73+
ngx_flag_t x_headers;
7374
directory_config *config;
7475

7576
ngx_str_t *file;
@@ -158,6 +159,12 @@ static ngx_command_t ngx_http_modsecurity_commands[] = {
158159
NGX_HTTP_LOC_CONF_OFFSET,
159160
offsetof(ngx_http_modsecurity_loc_conf_t, enable),
160161
NULL },
162+
{ ngx_string("ModSecurityXHeaders"),
163+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
164+
ngx_conf_set_flag_slot,
165+
NGX_HTTP_LOC_CONF_OFFSET,
166+
offsetof(ngx_http_modsecurity_loc_conf_t, x_headers),
167+
NULL },
161168
ngx_null_command
162169
};
163170

@@ -548,6 +555,10 @@ static int ngx_http_modsecurity_save_headers_in_visitor(void *data,
548555
}
549556

550557
ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
558+
h->lowcase_key[h->key.len] = '\0';
559+
560+
if(!ngx_strcmp(h->lowcase_key, "host"))
561+
return 1;
551562

552563
h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
553564

@@ -822,6 +833,7 @@ ngx_http_modsecurity_save_headers_out_visitor(void *data,
822833
ngx_http_upstream_main_conf_t *umcf;
823834

824835
umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
836+
ngx_http_modsecurity_loc_conf_t *conf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
825837

826838
h = &he;
827839

@@ -838,6 +850,20 @@ ngx_http_modsecurity_save_headers_out_visitor(void *data,
838850

839851
ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
840852

853+
if(conf->x_headers) {
854+
h->lowcase_key[h->key.len] = '\0';
855+
if(h->lowcase_key[0] == 'x' &&
856+
h->lowcase_key[1] == '-') {
857+
858+
new_h = ngx_list_push(&r->headers_out.headers);
859+
new_h->key = h->key;
860+
new_h->value = h->value;
861+
new_h->hash = 1;
862+
return 1;
863+
864+
}
865+
}
866+
841867
h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
842868

843869
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
@@ -1017,6 +1043,7 @@ ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf)
10171043

10181044
conf->config = NGX_CONF_UNSET_PTR;
10191045
conf->enable = NGX_CONF_UNSET;
1046+
conf->x_headers = NGX_CONF_UNSET;
10201047

10211048
return conf;
10221049
}
@@ -1030,6 +1057,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent,
10301057
ngx_http_modsecurity_loc_conf_t *conf = child;
10311058

10321059
ngx_conf_merge_value(conf->enable, prev->enable, 0);
1060+
ngx_conf_merge_value(conf->x_headers, prev->x_headers, 0);
10331061
ngx_conf_merge_ptr_value(conf->config, prev->config, NULL);
10341062

10351063
if (conf->enable && conf->config == NULL) {

0 commit comments

Comments
 (0)