Response Header Actions
OpenResty Edge provides the following actions to manipulate the response headers.
Set response header
This page rule has 2 actions configured.
- Set response header: can be used to modify or add response headers. The parameters are `Header Name` and `Header Value`. The `Header Value` can be a string or a built-in variable.
- Proxy request to upstream.
Example request
```bash
$ curl http://httpbin.org/anything -v
...
< Content-Type: application/json
...
$ curl http://test.com/anything -v
...
< Content-Type: text/html
...
```
The first request was sent before the page rule was configured, and the returned `Content-Type` is `application/json`.
The second request was sent after the page rule was configured, and the `Content-Type` has been changed to `text/html`.
Add a response header
This page rule performs 2 actions.
- Add Response Header: can be used to add a response header. The parameters are `Header Name` and `Header Value`. The `Header Value` can be a string or a built-in variable.
- Proxy request to upstream.
Example request.
```bash
$ curl http://test.com/anything -v
...
< X-New-Response-Header: openresty-edge
...
```
Delete the response header
This page rule performs 2 actions.
- Add Response Header: can be used to remove a response header. There is one parameter, `Header Name`, which specifies the name of the response header you want to remove.
- Proxy request to upstream.
Example request.
```bash
$ curl http://httpbin.org/anything -v
...
< Content-Type: application/json
< Content-Length: 379
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Server: openresty+
< Req-ID: 00000180001c4ccd3b780003

$ curl http://test.com/anything -v
...
< Content-Type: application/json
< Content-Length: 379
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Server: openresty+
< Req-ID: 00000180001c4ccd3eb00004
```
The first request was sent before the page rules were configured, and you can see the presence of the `Access-Control-Allow-Credentials` response header.
The second request was sent after the page rule was configured, and you can see that the `Access-Control-Allow-Credentials` response header has been removed.
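The before/after comparison above can be automated so that a rule is confirmed to change only the header it targets. The following is an added example, not OpenResty Edge code: the function names and the `VOLATILE` ignore list are assumptions of this sketch, and the input is the `curl -v` output shown on this page.

```python
import re

# Assumption: per-request headers are ignored (Req-ID is in the page's output).
VOLATILE = {"req-id", "date"}
HEADER_LINE = re.compile(r"^< ([A-Za-z0-9-]+):[ \t]*(.*?)\s*$")

def parse_curl_headers(verbose_output):
    """Map lowercased header name -> list of values from `curl -v` '< ' lines."""
    headers = {}
    for line in verbose_output.splitlines():
        m = HEADER_LINE.match(line)  # the status line has no "name:" and is skipped
        if m:
            headers.setdefault(m.group(1).lower(), []).append(m.group(2))
    return headers

def diff_headers(before, after):
    """Return (action, name) pairs sorted by name: added, removed or changed."""
    changes = []
    for name in sorted(set(before) | set(after)):
        if name in VOLATILE:
            continue
        if name not in before:
            changes.append(("added", name))
        elif name not in after:
            changes.append(("removed", name))
        elif before[name] != after[name]:
            changes.append(("changed", name))
    return changes

def unexpected_changes(before_text, after_text, expected):
    """Changes the rule under test was not meant to make (empty list = pass)."""
    found = diff_headers(parse_curl_headers(before_text), parse_curl_headers(after_text))
    return [change for change in found if change not in expected]

# Header lines of the two responses in the delete example on this page.
BEFORE = """\
< Content-Type: application/json
< Content-Length: 379
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Server: openresty+
< Req-ID: 00000180001c4ccd3b780003
"""
AFTER = BEFORE.replace("< Access-Control-Allow-Credentials: true\n", "") \
              .replace("3b780003", "3eb00004")

if __name__ == "__main__":
    print(diff_headers(parse_curl_headers(BEFORE), parse_curl_headers(AFTER)))
```

Passing the expected effect of the rule, for example `[("removed", "access-control-allow-credentials")]`, to `unexpected_changes` returns an empty list when nothing else was touched.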