I need to redirect request from nginx to another domain, below is a working solution for redirect request but it doesn't redirect Authorization header from original request, is it possible to redirect to another domain with all request headers from original request?
location /test {
return 301 https://test.com$request_uri;
}
Instead of using the return directive, which will issue a redirect to the client browser you can use the proxy_pass directive instead which will proxy the original client request to the remote server with the request headers intact.
Related
I use nginx as proxy server and I just set proxy_intercept_errors on; and also error_page directive error_page 400 /400.html; location = /400.html { root /path/to/error; }.
So the backend server which is tomcat(servlet) sometimes sendError likes HttpServletResponse.sendError(404); , that request may come back to nginx and redirect to 400.html.
In this situation I need to handle the internal redirect to 400.
My problem is I use a lua script which is checking some stuff from all income request, so I need to tell my lua to skip check when internal request is come.
Is it possible to identify internal request?
The below ngx.req.is_internal() is the answer.
https://github.com/openresty/lua-nginx-module#ngxreqis_internal
Firebase fails to redirect any HTTP POST requests to HTTPS POST. EX:
POST / HTTP/1.1
Host: apis.mydomain.com
is redirected by Firebase NGINX to
GET / HTTP/1.1
Host: apis.mydomain.com
if you are explicit about https, then NGINX works properly: POST -> POST
So, when the request hits Firebase hosting, and redirects your request to a firebase function that can be accessed by an https endpoint, the method has the possibility of collapsing into a GET from a POST method.
Looking closer at the headers, inside the Firebase Cloud Function, the protocol always expresses as http, instead of https.
I'm assuming this is an internal issue that I cannot modify, however, this is an issue for what I am doing, and this definitely is a problem given I cannot modify the NGINX that is handling my http(s) requests.
If you redirect with a 301 or 302 status code, the POST is downgraded to GET.
You need to use a 307 status to maintain POST across the redirect. See this document for details.
On Nginx, you will need to use a return statement. For example:
return 307 https://$host$request_uri;
I have https site on nginx.
If were sent http request on this domain, it redirects to https version. Exept one url, that send 301 redirect to another http domain.
My goal to add in browser's header field referrer, when it redirects through 301 redirect to another domain from http part of my site.
I know, that security rules drop referrer header, when browser goes from https to http. But from http to http it must work fine, isn't it?
If i just go from some http to another http page through hyperlynk, it save refferer on same browsers, that i used to test 301 redirect.
To add referrer from https to http
<meta name="referrer" content="origin">
Try to check situation into the postman, and read the headers if that works fine for you (HTTP referrers)
I found that 301 redirect response in my web service written in PHP doesn't carry custom http headers and custom cookie values if the visit is the very first visit. What I am not sure is whether this is how 301 redirect is supposed to work or whether this is just a matter of how to write my PHP code?
If this is unclear, please clarify and I will make the question clearer. My question is on how http protocol is supposed to behave in this case.
It is possible to add custom HTTP headers to a 301 Redirect response (HTTP 301 Moved Permanently).
For an example of this, visit http://www.hotmail.com which is now redirected to http://www.outlook.com and carries some custom HTTP headers on its 301 redirect response.
ANY response can contain cookies and custom headers. There is nothing in the HTTP spec to prevent that.
Ideally, I would like to remove/override the HTTP response referer header. My code looks something like:
Response.AddHeader("Referer", "");
Response.Redirect(url);
I am doing this because I am not running in pipelined mode, so I can't access the header directly.
This doesn't appear to do anything though.
When you use a Response.Redirect, you are sending an http 302 or location changed response to the client.
The client then makes a new request for the location specified in the 302 response.
The referer header will be set by the client. You can't change it that way.