I have to return a specific cache-control header (Cache-Control: public, max-stale=13910400) but when run this, I get this:
Cache-control has been duplicated, but I only need custom values.
$newResponse = $response->withHeader('Cache-Control', 'public, max-stale=13910400')->withJson($appInfo);
return $newResponse;
I tried this but it doesn't work (just for testing):
$newResponse = $response->withoutHeader('Cache-Control')->withHeader('Cache-Control', 'public, max-stale=13910400')->withJson($appInfo);
return $newResponse;
How can I set the header correctly?
Thank you
I suspect that you might have a middleware problem.
Your code above does produce the correct output.
$app->get('/test', function ($req, $res, $args) {
header_remove("Cache-Control"); //Edit <--
$newResponse = $res->withHeader('Cache-Control', 'public, max-stale=13910400')->withJson(["message" => "Test"]);
return $newResponse;
});
CURL Output
C:\Users\Glenn>curl -X GET -v http://localhost/vms2/public/test
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2016 19:04:42 GMT * Server Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.6.3 is not blacklisted
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.6.3
X-Powered-By: PHP/5.6.3
Set-Cookie: VMS2=2qf14qr1c0eplgfvibi8t2hcd2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: public, max-stale=13910400
Content-Length: 18
Content-Type: application/json;charset=utf-8
{"message":"Test"}
Connection #0 to host localhost left intact
remove the cache control from your code and add the below code in your .htaccess file
<filesMatch "\\.(html|htm|php)$">
Header set Cache-Control "max-age=1, private, must-revalidate"
</filesMatch>
Related
I am using NGINX 1.12 with PHP-FPM on AWS server.
I get a rare scenario bug that sometimes my page shows the html content along with headers with 0 prefixed and suffixed
0
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 26 Nov 2018 05:29:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
transfer-encoding: chunked
Connection: keep-alive
html content
0
When i refresh immediately or later, this will show the proper page.
Can anyone suggest what may be the issue ?
So I've got a server to server application. The PHP script on server 1, domain 1 sets a custom header in the page (Authorization: Bearer 123456789). The script on server 2, domain 2 uses get_headers() to read the headers.
It all works fine when the files are served natively. But when the script on server 1 is included in a Joomla module get_headers() doesn't retrieve the custom header.
In both cases, developer tools shows the custom header but also some different headers than returned by get_headers().
The code below uses JFactory to set the headers if Joomla is loaded but it is the same result using header(). Joomla just isn't passing the custom header.
I don't get it. Anyone have any idea what is going on here? Its not a SEF or htaccess issue.
<?php
// Server 1
if(!class_exists("JFactory")){ // no Joomla
header('Authorization: Bearer 123456789');
} else { // Joomla framework loaded
$app = JFactory::getApplication();
$app->setHeader('Authorization: ', 'Bearer 123456789');
$app->sendHeaders();
}
The code on server 2:
<?php
// Server 2
$headers = get_headers("http://server1.com/");
foreach($headers as $header) {
echo $header ."<br/>";
}
Output from get_headers() when served natively:
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2017 12:44:35 GMT
Server: Apache
Authorization: Bearer 123456789
Content-Length: 0
Connection: close
Content-Type: text/html
Output from get_headers() when served by Joomla:
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2017 12:45:49 GMT
Server: Apache
Set-Cookie: 3c460b3da9ecb202e794816b4144c6ff=ja7mn4b4njov98lsv76kk8pvu2; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 1264
Connection: close
Content-Type: text/html
Native headers displayed by developer tools:
Authorization: Bearer 123456789
Date: Thu, 19 Jan 2017 13:07:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0
Content-Type: text/html
200 OK
Joomla headers displayed by developer tools:
Pragma: no-cache
Date: Thu, 19 Jan 2017 12:19:24 GMT
Last-Modified: Thu, 19 Jan 2017 12:19:25 GMT
Server: Apache
Authorization: : Bearer 123456789
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 76888
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Remove double dot from setheader call :
$app = JFactory::getApplication();
$app->setHeader('Authorization', 'Bearer 123456789');
$app->sendHeaders();
Thanks for the suggestion Yoleth. I tested this and got the same result.
However I have found the problem. The Joomla site setting the header is using a component called Site Lock. This is similar to putting the site off line but has some nice features for developers.
Basically Site Lock was preventing the page being served and just returning the headers from the lock page (as it should). I don't know why I didn't see it earlier. Sometimes just can't see the forest for the trees!
I use symfony2 and create a web service :
$response = new JsonResponse();
$response->setData(array(
'dt' => time()
));
return $response;
The response have this header
HTTP/1.1 200 OK
Date: Tue, 23 Dec 2014 10:23:06 GMT
Server: Apache/2.4.9 (Win64) PHP/5.5.12
X-Powered-By: PHP/5.5.12
Cache-Control: no-cache
X-Debug-Token: 27ccd9
X-Debug-Token-Link: /capteur/web/app_dev.php/_profiler/27ccd9
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json
However the electronical device who call this webservice need a smaller header like this :
HTTP/1.1 200 OK
{"dt":1418812347}
How could I accomplish this with symfony2 ?
Symfony always add a lot of things in the header ...
Thanks !
EDIT
In production mode some header are disabled.
Whith some .htaccess rules :
<IfModule mod_headers.c>
Header unset X-Powered-By
Header unset Keep-Alive
Header unset Content-Length
Header unset Server
Header unset ETag
Header unset Cache-Control
Header unset Last-Modified
Header unset Date
Header unset Accept-Ranges
Header unset Connection
Header unset Content-Type
</IfModule>
some header are still here :
Cache-Control:no-cache
Connection:Keep-Alive
Content-Type:application/json
Date:Wed, 31 Dec 2014 13:48:20 GMT
Keep-Alive:timeout=5, max=100
Server:Apache
Transfer-Encoding:chunked
After a lot of try, I think it's the smallest header available under apache server.
I am setting this with htaccess. I know it's being set properly because if I set another header:
Header set Access-Control-Allow-Origin2: *
Then chrome does see this. As soon as I remove the 2 however, chrome just completely ignores it. If I make my file a PHP file and put this in it:
<?php header("Access-Control-Allow-Origin: *"); ?>
Then it works.
Here are the response headers as reported by Chrome of the .htaccess method which I need to work and which does not:
HTTP/1.1 304 Not Modified
Date: Sun, 30 Mar 2014 00:13:06 GMT
Server: Apache/2.2.22 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "208f3-178a2-4f5c4f119cd34"
Vary: Accept-Encoding
Here are the response headers as reported by Chrome from the PHP method which for some reason does work:
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2014 00:13:09 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.10
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Again, I know the htaccess is setting the header, even if I go to an online service that checks reponse headers, I see this back:
HTTP/1.1 200 OK
Date: Sun, 30 Mar 2014 00:18:14 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Sat, 29 Mar 2014 20:48:34 GMT
ETag: "208f3-178a2-4f5c4f119cd34"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 33393
Content-Type: application/javascript
I have my checkout page secured on my site with the Bluehost SSL certificate and quite frequently the page will be downloaded instead of rendered.
This only happens when I use ssl, if I run the site without it the page loads fine.
Is there anything i can do to prevent this, I have tried placing
<?php header("Content-type: text/html"); ?>
at the top of the page but this doesn't solve the issue. Here is an example of the file headers that are downloaded when the issue occurs:
HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 23:42:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Here is an example of the headers when it loads correctly:
HTTP/1.1 200 OK
Date: Mon, 13 Dec 2010 03:04:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=28
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
I found the issue was being caused by my css and javascript minifier script, "CSS and Javascript Combinator". When I swapped it out to use "Minify" the issue was resolved.
Does the header header("Content-disposition: inline"); help?
You need to tell apache its OK to use SSL with php files.
Have you got the correct stanza in the extra/httpd-ssl.conf
It should look something like:-
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>