Multiline headers

(Lucas) #1

I’m trying to add some headers to my Caddy files, and everything works fine, as expected, but the headers I’m adding tend to get quite long. For example the Feature-Policy header, or the Content-Security-Policy header.

Is there a way in a Caddy config file to split the header across multiple lines to make it easier to read/edit?

I know you can use a + in front of a header name to append another header of the same name, but what I want to know is if there’s a way to define a single header over multiple lines but have it sent from the server as a single line?

If there isn’t then that’s fine, but it would just make long header values easier to read if it were possible.

(Matt Holt) #2

I usually just use regular quotes:

header / {
	Content-Security-Policy "style-src   'self';
                          script-src  'self' data:;
                          img-src     'self' data: https:;
                          font-src    'self' data: https: blob:;
                          media-src   'self' https:;
                          connect-src 'self' https:;
                          object-src  'none';"

(Lucas) #3

Thanks for the example, but unfortunately this is one of the things I tried and it doesn’t seem to work.

When I put all of the values onto a single line I can see the header in the Chrome network tab, but when I split it over multiple lines like that it stops appearing.

(Matthew Fay) #4
whitestrake at apollo in ~/Projects/test
❯ caddy -version
Caddy 0.11.0 (unofficial)

whitestrake at apollo in ~/Projects/test
❯ cat Caddyfile
:2015 {
  status 200 /
  header / {
    X-My-Test-Header "This is
                      a multiline
                      header for

whitestrake at apollo in ~/Projects/test
❯ caddy
Activating privacy features... done.

From another terminal:

whitestrake at apollo in ~
❯ curl -IL http://localhost:2015/
HTTP/1.1 200 OK
Server: Caddy
X-My-Test-Header: This is                       a multiline                       header for                       testing.
Date: Tue, 25 Sep 2018 23:05:48 GMT

The relevant docs outlining the behaviour of tokens and quotes:

(Lucas) #5

This is what I’m doing:

λ caddy -version
Caddy 0.11.0 (+d47b041 Thu Sep 06 11:08:30 UTC 2018) (unofficial)
1 file changed, 1 insertion(+), 1 deletion(-)

λ cat caddy\Caddyfile
import "sites/*"

λ cat caddy\sites\_default.caddyfile
:443 {
    tls self_signed

    root "d:/devenv/caddy/default"

    header / {
        X-My-Test-Header "This is
                          a multiline
                          header for

λ cd caddy\

λ caddy
Activating privacy features... done.

And then in another window:

λ curl -kIL https://localhost/
HTTP/2 200
accept-ranges: bytes
content-type: text/html; charset=utf-8
etag: "p7eoxp54"
last-modified: Thu, 19 Apr 2018 00:20:13 GMT
server: Caddy
content-length: 184
date: Wed, 26 Sep 2018 00:51:52 GMT

It seems to work on HTTP though:

λ curl -kIL http://localhost/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 184
Content-Type: text/html; charset=utf-8
Etag: "p7eoxp54"
Last-Modified: Thu, 19 Apr 2018 00:20:13 GMT
Server: Caddy
X-My-Test-Header: This is                           a multiline                           header for                           testing.
Date: Wed, 26 Sep 2018 00:56:50 GMT

(Matthew Fay) #6

I modified my earlier attempt to add a HTTPS listener and was able to replicate the issue. Looks like we’ve got a bug.

The header doesn’t appear when:

  1. The header content is given as a multiline token in the Caddyfile, AND;
  2. The site is accessed over HTTPS

A single-line header works over HTTPS and both work over HTTP. Very strange. Time to take this to the Github issue tracker so we can investigate the cause, I think.

@Lucas, would you mind filling out the issue template at and linking to this thread?

(Lucas) #7

Thanks for the help so far, and thanks for testing it out on your machine too.

I’ve created a new issue on the GitHub project, so for now I’ll stick to single line header values :slight_smile: