Opened 8 years ago
Closed 8 years ago
#40917 closed defect (bug) (invalid)
Some HTTP headers are duplicated on admin-ajax.php responses
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.7.5 |
| Component: | Administration | Keywords: | |
| Focuses: | Cc: |
Description
When a request is sent via admin-ajax.php, the response consistently includes some duplicated HTTP headers.
This is likely related to IIS, as the site is running on IIS 8.5.
The following are the custom headers specified in my web.config file:
<customHeaders> <add name="Arr-Disable-Session-Affinity" value="true" /> <add name="Referrer-Policy" value="no-referrer-when-downgrade" /> <add name="X-Content-Type-Options" value="nosniff" /> <add name="X-Frame-Options" value="SAMEORIGIN" /> <add name="X-XSS-Protection" value="1; mode=block" /> <remove name="X-Powered-By" /> </customHeaders>
Please refer to the attached screenshot. You can see that some of the custom headers I have specified get duplicated.
This looks to be a bug. Please let me know if you need anymore details.
Attachments (1)
Change History (2)
#1
@
8 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Hi @EatonZ,
Unfortunately it looks like this is probably a "bug" in IIS - probably an expected scenario.
It looks like IIS simply appends the specified headers to whatever PHP outputs, which means WordPress is unable to detect that the headers are going to apply - We could parse the web.config file on each pageload, but that would be inefficient and likely not very precise.
The duplicated headers are not actually a problem for most clients, and given they're the same values shouldn't cause any issue.
I'm going to close this as invalid due to that, but if you're aware of a method that WordPress could avoid this scenario we could re-open it.
Duplicated HTTP response headers