Willy, I'd like to bring this issue to your attention again, possibly you are able to find a solution for haproxy 1.9?
This issue prevents me from submitting one domain to the HSTS preload list, as I need to perform a redirect on the zone's apex and that redirect does not include the HSTS header. Best regards Tim Düsterhus Mailing list link of the quoted mail: https://www.mail-archive.com/haproxy@formilux.org/msg25061.html Am 28.02.2017 um 07:49 schrieb Willy Tarreau: > On Sun, Feb 26, 2017 at 07:02:52PM +0100, thierry.fourn...@arpalert.org wrote: >> Haproxy can't add header to a redirect because redirect is a final >> directive. After executing the redirect no more action are executed. > > We really need to think about it for the short term future because it's > not the first time we need this. Having a few "header" directives on > the "redirect" rules could help, but I already expect that everyone > will want these ones to support dynamic log-formats etc... > > In the mean time I think there is an alternate even uglier trick but > I have not tested it : > > http-request redirect location > "https://blah..\r\nStrict-Transport-Security: foobar" > > The idea is that the string presented in "location" will be copy-pasted > as-is in the Location header, so I guess that if it contains a CRLF it > will be appended as is. Yes I know it's ugly and it would be better to > support more flexible responses. > > Cheers, > Willy >
