Posted on by wbk

Adding X-Clacks-Overhead

For a long time on my to-do list, but postponed due to perceived complexity: adding X-Clacks-Overhead.

Now I got around to looking into what is actually involved, and… It’s not all that convoluted. For nginX it a single line to be added in a server, location or http block. 

add_header X-Clacks-Overhead "GNU Terry Pratchett" always;

Next up was finding the right file in the Yunohost setup of nginX: I did find a single (default) sites-available, but no sites-enabled.

All configuration is put in the conf-directories, where I put the additional header in the conf of the main site in the server section. 

vi /etc/nginx/conf.d/mysite.tld.conf

Now first see that the header is not there before reloading nginX:

~# curl -IL mysite.tld
 HTTP/1.1 302 Moved Temporarily
 Server: nginx
 Date: Sat, 28 Dec 2019 11:23:13 GMT
 Content-Type: text/html
 Content-Length: 154
 Connection: keep-alive
 X-SSO-WAT: You've just been SSOed
 Location: https://mysite.tld/yunohost/sso/?r=aHR0cHM6Ly9zYW55aS5ubC8=

See? No X-Clacks header. Reload nginX…

service nginx reload

… and have a look at the headers again:

~# curl -IL mysite.tld
 HTTP/1.1 302 Moved Temporarily
 Server: nginx
 Date: Sat, 28 Dec 2019 11:25:52 GMT
 Content-Type: text/html
 Content-Length: 154
 Connection: keep-alive
 X-SSO-WAT: You've just been SSOed
 Location: https://mysite.tld/yunohost/sso/?r=aHR0cHM6Ly9zYW55aS5ubC8=
 X-Clacks-Overhead: GNU Terry Pratchett

It now shows at the bottom line.

Actually the X-Clacks-Overhead is only added to the HTTP 1.1 headers. The HTTP 2 headers omit the header at the moment. After rereading the config, I added the header to the server listening at port 80 over HTTP 1.1; it gets forwarded to port 443 over HTTP 2. That block did not have the header. After adding the header there as well, the HTTP 2 headers show the X-Clacks-Overhead as well: 

~# curl -IL mysite.tld
 HTTP/2 404 
 server: nginx
 date: Sat, 28 Dec 2019 11:33:18 GMT
 content-type: text/html
 content-length: 162
 x-sso-wat: You've just been SSOed
 set-cookie: SSOwAuthRedirect=;; Path=/yunohost/sso/; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; HttpOnly; SameSite=Lax ;;
 strict-transport-security: max-age=63072000; includeSubDomains; preload
 content-security-policy: upgrade-insecure-requests
 content-security-policy-report-only: default-src https: data: 'unsafe-inline' 'unsafe-eval'
 x-content-type-options: nosniff
 x-xss-protection: 1; mode=block
 x-download-options: noopen
 x-permitted-cross-domain-policies: none
 x-frame-options: SAMEORIGIN
 x-clacks-overhead: GNU Terry Pratchett

One difference between the two header blocks, is that the HTTP1.1 block is capitalized, whereas the HTTP2 block is not. Fine with me 🙂

So, two points of my mental to-do list, one for the Clacks itself and one for moving it from a mental to-do list to a physical (of some sort) to-do list.

Print this entry

Leave a Reply

Your email address will not be published. Required fields are marked *