bfg100k
commented
2 months ago I'm not sure if I'm experiencing the same issue but in my case, I find that this plugin is unable to change or remove a header that is previously set by another middleware before it. Specifically,
I have a default middleware defined that adds X-Frame-Options=SAMEORIGIN (and some other security headers). This setting breaks Jellyfin on WebOS. So instead of having another security-related middleware defined just for webos, I'm hoping to use this as the last middleware in the chain to remove the X-Frame-Options response header. I've tested a few permutations and found that I'm unable to remove ANY header that was set earlier in the chain.
tomMoulard
htransformation, while doing nice job of modifying request headers, does meager job of modifying response headers. In my case I just can't do anything with
Locationheader, it simply ignores all rewrites. At the same time, if I set custom headers (X-Foo-Bar) using htransformation, I'm able to rewrite them and they appear in final response. In other words, response header transformation happens too early, and response from proxied server simply writes its headers on top of result of the plugin.I've looked in source code of several plugins, including standard traefik one. Many of them wrap
http.ResponseWriterand wait untilWriteHeadercall. Examples:https://github.com/XciD/traefik-plugin-rewrite-headers/blob/c339adea9127f3b555ac63181fed1a2dca6d80ea/rewrite_headers.go#L66-L73 https://github.com/traefik/traefik/blob/4f6c15cc14cdedc34484c697994134959fdff493/pkg/middlewares/headers/header.go#L57-L61