I'd like to bring this issue to your attention again, possibly you are
able to find a solution for haproxy 1.9?

This issue prevents me from submitting one domain to the HSTS preload
list, as I need to perform a redirect on the zone's apex and that
redirect does not include the HSTS header.

Best regards
Tim Düsterhus

Mailing list link of the quoted mail:

Am 28.02.2017 um 07:49 schrieb Willy Tarreau:
> On Sun, Feb 26, 2017 at 07:02:52PM +0100, thierry.fourn...@arpalert.org wrote:
>> Haproxy can't add header to a redirect because redirect is a final
>> directive. After executing the redirect no more action are executed.
> We really need to think about it for the short term future because it's
> not the first time we need this. Having a few "header" directives on
> the "redirect" rules could help, but I already expect that everyone
> will want these ones to support dynamic log-formats etc...
> In the mean time I think there is an alternate even uglier trick but
> I have not tested it :
>     http-request redirect location 
> "https://blah..\r\nStrict-Transport-Security: foobar"
> The idea is that the string presented in "location" will be copy-pasted
> as-is in the Location header, so I guess that if it contains a CRLF it
> will be appended as is. Yes I know it's ugly and it would be better to
> support more flexible responses.
> Cheers,
> Willy

Reply via email to