application/vnd.microsoft.portable-executable is a registered MIME type and its description matches what you want to use it for. The x- prefix in application/x-msdownload indicates that it is experimental so it should generally be avoided: Especially if something standard is available as it in in this case. application/octet-stream is for arbitary collections of bytes. It does match … Read more
Just use a middleware statement that executes for all routes: // a middleware with no mount path; gets executed for every request to the app app.use(function(req, res, next) { res.setHeader(‘charset’, ‘utf-8’) next(); }); And, make sure this is registered before any routes that you want it to apply to: app.use(…); app.get(‘/index.html’, …); Express middleware documentation … Read more
What is the difference between Header always set and Header set in Apache? As the quoted bit from the manual says, without ‘always’ your additions will only go out on succesful responses. But this also includes “successfully” forward errors via mod_proxy and perhaps other similar handlers that roughly act like proxies. What generates your 404s … Read more
Section 10.4 of the spec (which you linked to) doesn’t say anything about requirements on responses itself, but instead links to section 7.2.2, which specifies that the server can indicate the length of a response containing an entity body by sending a Content-Length header, or closing the connection when the entire response has been sent. … Read more
If you use a front-end service like Apigee as the front-end to your APIs, you will need something like X-FORWARDED-HOST to understand what hostname was used to connect to the API, because Apigee gets configured with whatever your backend DNS is, nginx and your app stack only see the Host header as your backend DNS … Read more
The difference can be found in the specifications, in this case RFC 7231: 5.3.2. Accept The “Accept” header field can be used by user agents to specify response media types that are acceptable. 3.1.1.5. Content-Type The “Content-Type” header field indicates the media type of the associated representation The Accept header always indicates what kind of … Read more
Generally one year is advised as a standard max value. See RFC 2616: To mark a response as “never expires,” an origin server sends an Expires date approximately one year from the time the response is sent. HTTP/1.1 servers SHOULD NOT send Expires dates more than one year in the future. Although that applies to … Read more
add_header works as well with proxy_pass as without. I just today set up a configuration where I’ve used exactly that directive. I have to admit though that I’ve struggled as well setting this up without exactly recalling the reason, though. Right now I have a working configuration and it contains the following (among others): server … Read more
The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end. So far I’ve seen a couple used for forcing the use of https in URL scheme: X-Forwarded-Protocol: https X-Forwarded-Ssl: on X-Url-Scheme: https And wikipedia also mentions: # … Read more
In order for the global CORS config to work, the client must add these two headers in the OPTIONS request. Origin: http://host.com Access-Control-Request-Method: POST However the @CrossOrigin annotation requires just the “Origin” header. Your client probably adds the “Origin” header but is missing the “Access-Control-Request-Method”…..thats why it works for you with the @CrossOrigin, but doesn’t … Read more