使用PHP / Apache剥离Canonical Link HTTP响应标头
[英]Canonical Link HTTP Response Header being stripped using PHP / Apache
问题描述
I am trying to output a HTTP header using PHP that specifies a canonical url as per Google's guidelines : Specify a canonical link in your HTTP header in the following format: 
我正在尝试使用PHP输出一个HTTP标头,该标头根据Google的指南指定了规范网址: 在HTTP标头中以以下格式指定规范链接 :
Link: <http://www.example.com/downloads/white-paper.pdf>; rel="canonical"
However the response header is being stripped with result being 但是响应头被剥离,结果是
Link: ; rel="canonical"
As a test, I removed the left/right angle brackets, and the result is: 作为测试,我去掉了左/右尖括号,结果是:
Link: http://www.example.com/downloads/white-paper.pdf; rel="canonical"
Which makes me think some security measure (PHP/Apache/Apache module??) is seeing the header content as HTML and 'helping' by stripping it out. 这让我认为某些安全措施(PHP / Apache / Apache模块?)正在将标头内容视为HTML,并通过剥离将其“帮助”。
The reason the canonical needs to be specified in the headers and not simply in the <head> is that the document is a PDF. 需要在标题中而不是在<head>中指定规范的原因是该文档是PDF。
This is some test code to illustrate what I am doing: 这是一些测试代码来说明我在做什么:
<?php
header("link: <https://www.somedomain.com/>; rel=\"canonical\"");
print "this is a test";?>
The list of modules loaded in apache is: apache中加载的模块列表为:
core_module (static) log_config_module (static) logio_module (static) version_module (static) mpm_prefork_module (static) http_module (static) so_module (static) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) expires_module (shared) mime_module (shared) negotiation_module (shared) pagespeed_module (shared) php5_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) ssl_module (shared) status_module (shared)
Note that suhosin is not loaded, so that can be ruled out.. Any help identifying what could be modifying the header appreciated. 请注意,未加载suhosin,因此可以排除该问题。识别任何可能会修改标头的帮助都将受到赞赏。
Update: I have tried this on a few different servers, and the result is the same so far. 更新:我已经在一些不同的服务器上尝试过,到目前为止,结果是相同的。
1 个解决方案
解决方案1
0 2017-03-13 09:04:23
The answer to this question is that the tools I was using to inspect the headers was inferior (probably not escaping the headers correctly before showing them as HTML): 这个问题的答案是,我用来检查标头的工具较差(在将标头显示为HTML之前,可能无法正确转义标头):
Specifically Chrome extension "CDN Headers & Cookies" and some online checker I can no longer find. 特别是Chrome扩展程序“ CDN标头和Cookies”以及一些我无法找到的在线检查器。
Chrome's default F12 header inspector shows the responses headers correctly though, apologies if I wasted anyone's time. Chrome的默认F12标头检查器可正确显示响应标头,如果我浪费了任何时间,我深表歉意。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.