Hi, Just sharing some info about a limitation of mod_headers.
I was doing some experiments with Content-Security-Policy (CSP), where I wanted to append extra parameters to an existing header. I was planning to use mod_headers for this but the issue is that CSP headers uses structured HTTP headers [rfc8941], where each parameter is separated by a ';'. The same RFC states that a ',' is used to separate items in a list. The 'append' action of mod_headers uses ',' to separate values so its use is limited to lists. For example, in the following CSP header we have two parameters: default-src and img-src. Each parameter has its own values separated by spaces; for img-src those are 'self' and example.com. Content-Security-Policy: default-src 'self'; img-src 'self' example.com What I wanted to do is use mod_headers append to go from: Content-Security-Policy: default-src 'self' to Content-Security-Policy: default-src 'self'; img-src 'self' example.com The only way I can manage to do this is at the moment is to replace the existing header. Hope this gives some ideas when revisiting mod_headers. --josé
