httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <>
Subject Re: [users@httpd] Mark cookies as secure?
Date Thu, 21 Feb 2013 13:18:42 GMT
On Thu, Feb 21, 2013 at 12:07 PM, Eric Covener <> wrote:

> On Wed, Feb 20, 2013 at 5:15 PM, Igor Cicimov <> wrote:
> > Yeah cgi, thats what i thought. In case of cgi apache doesn't have
> control
> > over the headers, you need to make the changes from inside cgi scripts
> them
> > self.
> >
> These can still be edited, but I think mod_cgi puts the headers in the
> "error headers" bucket -- as in Header always edit ...

Eric, your response made me go and re-read mod_headers doco (carefully),
which I haven't done for some time, and there it was of course, very clear:

The default value of onsuccess may need to be changed to always under the
circumstances similar to those listed below. Note also that repeating this
directive with both conditions makes sense in some scenarios because
alwaysis not a superset of
onsuccess with respect to existing headers:

   - You're adding a header to a non-success (non-2xx) response, such as a
   redirect, in which case only the table corresponding to always is used
   in the ultimate response.
   - *You're modifying or removing a header generated by a CGI script, in
   which case the CGI scripts are in the table corresponding to always and
   not in the default table.*
   - You're modifying or removing a header generated by some piece of the
   server but that header is not being found by the default onsuccesscondition.

Hope this time it will sink deeper in my memory and stay there for longer
than 5 minutes :)

> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message