davidjb
commented
8 years ago As per http://forum.nginx.org/read.php?2,238444,238453#msg-238453, the original mechanism wasn't recommended and as Maxim points out:
While this might work, I wouldn't recommend relying on it. This way headers are processed within subrequest context, and then again within main request context. This might potentially result in headers being not in sync with filter module contexts, resulting in invalid response. Safer aproach would be to copy only specific headers.
(On the other hand, I don't think anything bad would happen with standard filter modules, as most of them just ignore subrequests.)
As we've seen from #8, this is a problem and the Gzip filter is modifying the body of the outgoing request, but the response is broken because the headers aren't manipulated/delivered correctly.
So there's two options:
- Figure out how to sync the headers with filter modules, or
- Merge the two responses together (by overwriting most of the original parent response with that of the subrequest response; this is what a FastCGI authorizer should do anyway)
The latter seems to be suggested option.
Previously, the way this module worked was to replace the main request's outgoing headers with the subrequest's headers (
r->headers_out = sr->headers_out, this line). This kind of works and does deliver the right headers to a client. However, Nginx's directives such asadd_headeranderror_pagedo not function correctly. Headers-more works, but only for clearing headers; not setting them.At present, there's some workarounds in place for 401/403 responses to enable Nginx to correctly manipulate outgoing headers and allowing the above directives to work. This implementation needs to be reworked into correctly merging the two sets of headers.
Apparently https://github.com/openresty/lua-nginx-module/ has a live example for merging subrequest headers and body into the main request.
Originally reported as #8.