Bug 51842

Summary: Suggesting a new action for the Header directive: default
Product: Apache httpd-2
Reporter: Francois Marier <fmarier>
Component: mod_headers
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED
Severity: enhancement
Priority: P2
Version: 2.2-HEAD
Target Milestone: ---
Hardware: All
OS: All

Description Francois Marier 2011-09-18 08:33:49 UTC
To complement the existing "edit" action which will apply a regexp to an existing header, it would be great to have an action which would set a header if one doesn't already exist. It would be a cross between merge/append and set.

Possible names for that action: default, ensure, setifempty, setifmissing

Here is the use case I have in mind for it:

- external application (e.g. using mod_wsgi) usually does not set the X-Content-Security-Policy header
- mod_headers sets that header to a very strict value that works for most pages in the application
- the application decides to provide its own X-Content-Security-Policy header for those pages where the settings need to be relaxed
- mod_headers doesn't do anything if it sees an X-Content-Security-Policy header from the application

(Use case explained in more detail at http://feeding.cloud.geek.nz/2011/09/adding-x-content-security-policy.html)

Comment 1 Kevin Locke 2015-10-03 02:21:33 UTC
Unless I am mistaken, this was fixed in httpd 2.4.7 with the introduction of setifempty.

Please excuse my preventiveness if marking this bug as RESOLVED/FIXED is inappropriate.
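
The use case from the description, written with the setifempty action named in comment 1, as an added example that is not part of the original bug thread. The policy value is a constructed placeholder, and the commented-out `Header set` line is kept only to show the behaviour the report wanted to avoid.

```apache
# Added example, not from the bug thread. The policy string is a constructed
# placeholder; substitute the strict default that suits the application.
<IfModule mod_headers.c>
    # "set" replaces any previous header with this name, so a page where the
    # application sent its own relaxed policy would have it overwritten:
    # Header set X-Content-Security-Policy "default-src 'self'"

    # "setifempty" (httpd 2.4.7 and later) sets the header only when the
    # response has no header with this name yet, so an application-supplied
    # policy is left untouched and every other page gets the strict default.
    Header setifempty X-Content-Security-Policy "default-src 'self'"
</IfModule>
```

To check the result, compare the response headers of a page where the application sends its own policy with one where it does not; each should carry exactly one X-Content-Security-Policy header.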