Thanks!

On Fri, Jun 11, 2021 at 11:36 AM Tim Düsterhus <t...@bastelstu.be> wrote:

> James,
>
> On 6/11/21 8:28 PM, James Brown wrote:
> > Is there any reason (performance or otherwise) to use http-response instead
> > of just turning everything into http-after-response?
>
> There is a difference: If a http-response rule fails [1] then a standard
> error page will be emitted. For this error page the http-after-response
> rules will need to be evaluated. They might fail as well, aborting the
> processing and causing a very simple 500 Internal Server Error to be
> emitted. This will suppress any other error (e.g. 503, 403, …).
>
> So complex http-after-response rules might cause additional (debugging)
> issues in error situations.
>
> I recommend using them for the most essential stuff only. In my case
> that is the Strict-Transport-Security header and a request ID response
> header.
>
> Best regards
> Tim Düsterhus
>
> [1] e.g. if there's insufficient memory to add the header.

--
James Brown
Engineer
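
The split recommended in the quoted reply, as an added configuration example that is not part of the original thread: only the HSTS and request ID headers go through `http-after-response`, and everything else stays in `http-response`. The section names, certificate path, backend address and header values are assumptions chosen for illustration.

```haproxy
# Constructed example; fe_web, be_app, the certificate path and the
# header values are assumptions, not taken from the thread.
global
    log stdout format raw local0

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :443 ssl crt /etc/haproxy/certs/site.pem   # placeholder path
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid

    # Essential headers only. These rules are applied to every response,
    # including error pages HAProxy generates itself (503, 403, ...).
    # Keep them few and simple: if one fails while an error page is being
    # emitted, the original error is replaced by a bare 500.
    http-after-response set-header Strict-Transport-Security "max-age=31536000"
    http-after-response set-header X-Request-ID %[unique-id]

    # Non-essential headers. These rules are not applied to error pages
    # HAProxy generates itself, so a failure here still produces the
    # standard error page.
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header X-Frame-Options DENY
    http-response del-header Server

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080 check
```

Running `haproxy -c -f <file>` checks the configuration syntax before a reload.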