nginx proxy and Date header

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

nginx proxy and Date header

Frank Liu
Is there a reason why by default nginx doesn't pass the "Date" header from upstream?

https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html seems to indicate Date header shouldn't be altered:

The HTTP-date sent in a Date header SHOULD NOT represent a date and time subsequent to the generation of the message. It SHOULD represent the best available approximation of the date and time of message generation, unless the implementation has no means of generating a reasonably accurate date and time. In theory, the date ought to represent the moment just before the entity is generated. In practice, the date can be generated at any time during the message origination without affecting its semantic value.

If nginx, as a proxy, changes the Date header, it may mess up the caching model of HTTP in some pretty subtle ways in the downstream.



_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: nginx proxy and Date header

Maxim Dounin
Hello!

On Wed, May 22, 2019 at 10:30:57AM -0700, Frank Liu wrote:

> Is there a reason why by default nginx doesn't pass the "Date" header from
> upstream?
> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
>
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html seems to indicate
> Date header shouldn't be altered:
>
> The HTTP-date sent in a Date header SHOULD NOT represent a date and time
> subsequent to the generation of the message. It SHOULD represent the best
> available approximation of the date and time of message generation, unless
> the implementation has no means of generating a reasonably accurate date
> and time. In theory, the date ought to represent the moment just before the
> entity is generated. In practice, the date can be generated at any time
> during the message origination without affecting its semantic value.
>
> If nginx, as a proxy, changes the Date header, it may mess up the caching
> model of HTTP in some pretty subtle ways in the downstream.

And not changing the Date will mess pretty badly with various
things as introduced in nginx, such as by the "expires"
directive (not to mention SSI, as well as returning various
responses from cache).

Since nginx is primarily developed as a frontend server, it is
generally considered to be an origin server in terms of RFC 2616.  
Accordingly, "generation of the message" in the quote above
happens in nginx, and it uses the current date by default.

If you want to preserve Date as returned by the upstream server,
you can use the proxy_pass_header directive to do so.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: nginx proxy and Date header

Frank Liu
I understand your argument when nginx is normally used as a frontend server and "generation of the message" happens in nginx, but in this case, the document is about the nginx proxy module where nginx proxies the "message" originated from upstream.
When nginx is used as a reverse proxy, I think nginx proxy module should NOT remove the "Date" header from origin by default. Other reverse proxies/caches, like Varnish, are doing the same: http://ronwilliams.io/blog/post/rfc7231-compliant-http-date-headers


On Thu, May 23, 2019 at 2:55 AM Maxim Dounin <[hidden email]> wrote:
Hello!

On Wed, May 22, 2019 at 10:30:57AM -0700, Frank Liu wrote:

> Is there a reason why by default nginx doesn't pass the "Date" header from
> upstream?
> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
>
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html seems to indicate
> Date header shouldn't be altered:
>
> The HTTP-date sent in a Date header SHOULD NOT represent a date and time
> subsequent to the generation of the message. It SHOULD represent the best
> available approximation of the date and time of message generation, unless
> the implementation has no means of generating a reasonably accurate date
> and time. In theory, the date ought to represent the moment just before the
> entity is generated. In practice, the date can be generated at any time
> during the message origination without affecting its semantic value.
>
> If nginx, as a proxy, changes the Date header, it may mess up the caching
> model of HTTP in some pretty subtle ways in the downstream.

And not changing the Date will mess pretty badly with various
things as introduced in nginx, such as by the "expires"
directive (not to mention SSI, as well as returning various
responses from cache).

Since nginx is primarily developed as a frontend server, it is
generally considered to be an origin server in terms of RFC 2616. 
Accordingly, "generation of the message" in the quote above
happens in nginx, and it uses the current date by default.

If you want to preserve Date as returned by the upstream server,
you can use the proxy_pass_header directive to do so.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx