Closed HanadaLee closed 1 month ago
This is indeed by-design to strip all headers. Are you using a self-hosted version, or the public service? For self-hosted you might be able to script something to add them back in.
I'm using a self-hosted service, but there doesn't seem to be any existing option to configure passthrough response headers. What does script mean?
For the same reasons we do not pass any information to the origin server, we also do not retain (or internally parse) any response headers from the origin server.
The only meta information retained from the original image is its size, which does not necessarily originate from the Content-Length header, as upstream servers are allowed to omit this.
https://github.com/weserv/images/blob/947dbc4ef817509620f678d9186cb6c097957687/ngx_conf/imagesweserv.conf#L58
Feel free to use the provided source code to host your own solution, which you can customize to suit your needs. For example, if you only need to process images from a single domain, you can use nginx's proxy_pass directive in combination with the weserv filter directive. For more details, see: https://github.com/weserv/images/issues/314#issuecomment-952012562.
Additionally, you can refer to the ngx_http_proxy_module for guidance on implementing this behavior within the weserv proxy directive. See the following links for comparison:
https://github.com/nginx/nginx/blob/release-1.27.1/src/http/modules/ngx_http_proxy_module.c#L1900-L1941
and:
https://github.com/weserv/images/blob/947dbc4ef817509620f678d9186cb6c097957687/src/nginx/http.cpp#L467-L515
After that, the various response header fields ought also to be available via the $upstream_http_<NAME> variables.
I am currently using HTTP response headers such as unique id and via header to track the request process.
However, weserv will discard all HTTP response headers after obtaining the original image and regenerate all HTTP headers by itself.
I hope to be able to retain headers other than the HTTP response headers that must be changed (such as Content-Length, Date, etc.), as well as some headers that may leak privacy (such as Set-Cookie), to facilitate request process tracking and debugging.
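An added example, not part of the thread and not weserv code: one way a self-hosted proxy could decide which origin response headers to pass through, using an allowlist for tracing headers with a hard block on headers that must be regenerated or that carry state. The header name `X-Request-Id`, the function name and the sample data are assumptions made for illustration.

```python
# Added example (not weserv code): allowlist-based passthrough of origin
# response headers for an image proxy that re-encodes the body.

# Must be regenerated by the proxy because the body is re-encoded.
REGENERATED = {"content-length", "content-type", "content-encoding",
               "content-md5", "content-range", "accept-ranges", "etag",
               "last-modified", "date", "server"}
# Hop-by-hop headers (RFC 9110 section 7.6.1 plus the older RFC 2616 list).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade"}
# Carry session state or credentials challenges from an untrusted origin.
SENSITIVE = {"set-cookie", "set-cookie2", "www-authenticate"}
# Assumed tracing headers; "x-request-id" is a hypothetical name.
TRACE_ALLOWLIST = frozenset({"x-request-id", "via"})


def passthrough_headers(origin_headers, allowlist=TRACE_ALLOWLIST):
    """Return the (name, value) pairs that are safe to copy to the client."""
    # Headers nominated in Connection are hop-by-hop for this response.
    nominated = set()
    for name, value in origin_headers:
        if name.lower() == "connection":
            nominated.update(t.strip().lower() for t in value.split(","))
    blocked = REGENERATED | HOP_BY_HOP | SENSITIVE | nominated
    kept = []
    for name, value in origin_headers:
        key = name.lower()
        # The block list wins even if the allowlist is misconfigured.
        if key not in allowlist or key in blocked:
            continue
        # Drop values with CR, LF or NUL so they cannot split the response.
        if any(c in value for c in "\r\n\0"):
            continue
        kept.append((name, value))
    return kept


# Constructed sample origin response, for illustration only.
SAMPLE = [("Content-Length", "1234"), ("Date", "Mon, 01 Jan 2024 00:00:00 GMT"),
          ("Set-Cookie", "sid=abc"), ("X-Request-Id", "req-42"),
          ("Via", "1.1 cache-a"), ("X-Powered-By", "example")]

if __name__ == "__main__":
    print(passthrough_headers(SAMPLE))
```

Headers outside the allowlist are dropped by default, so a new origin header never reaches clients until it is added deliberately.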