Enrico Massone

Reputation: 7338

How can I control the HTTP response headers added to my ASP.NET Core web application when hosted in Azure App Service?

We have written an ASP.NET Core 2.2 web application which basically exposes a few Web API controllers, and we have used the ResponseCachingMiddleware in order to implement a server-side response cache in our middleware pipeline.

We followed this Microsoft guide and we decided to add the HTTP response header Vary so that each response from our application includes the following header: Vary: Accept-Encoding, Accept-Charset.

Doing so, as explained in the guide linked above, is needed in order for the response cache to honor the client request headers so that the cached responses are used if and only if they are compatible with the client request.

Testing with Postman I noticed that, when deploying the app in Azure (we used a standard Azure App Service to do so), the Vary response header is not what I would expect: it seems that Azure itself adds the value Accept-Encoding so that the value for the Vary header is set as Accept-Encoding, Accept-Charset,Accept-Encoding (this is a combination of the value set by our application and the value that, I suppose, is automatically added by Azure).

That said I have a couple of questions:

Upvotes: 1

Views: 2294

Answers (1)

Jamie

Reputation: 3372

Hosting ASP.NET Core on Azure App Service (a Windows one) still uses IIS as outlined here. So you should be able to control your headers by adding web.config to your project.

Here is an example of what that would look like and the link to the docs:

<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false" /> <!-- Removes ASP.NET version header. Not needed for Ghost running in iisnode -->
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" /> <!-- Removes Server header in IIS10 or later and also in Azure Web Apps -->
    </security>
    <httpProtocol>
      <customHeaders>
        <clear /> <!-- Gets rid of the other unwanted headers -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
      <redirectHeaders>
        <clear />
      </redirectHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

Upvotes: 2
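A way to check the deployed result, added here as an example and not part of the question or the answer: the script below audits a captured response header block for repeated Vary tokens (the symptom from the question), for the stack-disclosure headers the web.config above is meant to remove, and for X-Frame-Options. The function names and the sample response are constructed for illustration.

```python
from collections import defaultdict

# Headers the web.config above is meant to suppress (they disclose stack details).
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

def parse_headers(raw):
    """Parse a raw header block into {lowercased name: [values]}, keeping repeats."""
    headers = defaultdict(list)
    for line in raw.strip().splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                 # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return headers

def vary_tokens(headers):
    """Return (unique tokens in first-seen order, tokens seen more than once)."""
    seen, unique, repeated = set(), [], []
    for value in headers.get("vary", []):         # Vary may be sent on several lines
        for token in (t.strip() for t in value.split(",")):
            if not token:
                continue
            if token.lower() in seen:             # header field names are case-insensitive
                repeated.append(token)
            else:
                seen.add(token.lower())
                unique.append(token)
    return unique, repeated

def audit(raw):
    """Summarise the header findings for one captured response."""
    headers = parse_headers(raw)
    unique, repeated = vary_tokens(headers)
    return {
        "vary": unique,
        "vary_repeated": repeated,
        "disclosure": sorted(h for h in headers if h in DISCLOSURE_HEADERS),
        "x_frame_options": headers.get("x-frame-options", []),
    }

# Constructed sample: the Vary value reported in the question plus default IIS headers.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding, Accept-Charset,Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the header block saved from Postman or any other client before and after deploying the web.config to confirm which headers actually changed.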
