ASP.NET/IIS, When do <customHeaders> in the web.config get added to the page?

心不动则不痛 提交于 2021-02-11 08:48:26

问题


At what point in the page lifecycle do customHeaders in the web.config get added to the page? One MSN reference showed headers being added to the response before the request got to the page handler. Why are none of the headers cleared since I can see headers being cleared in 2 places?

I can see in one of our page templates code behind in the OnInit override: Response.ClearHeaders(); Response.AppendHeader("Cache-Control", "no-store");

The headers in the web.config

<customHeaders>
    <clear />
    <add name="X-XSS-Protection"...etc

The rendered page response headers have both "Cache-Control" and "X-XSS-Protection" as well as others. Since .NET code and web.config both clear the headers, I would expect one to clear the other, but that is not happening.

This is in IIS 7.5 in Classic mode if that makes a difference.


回答1:


Custom headers are added as part of post-processing, when ASP.NET is done generating the response. So your ASP.NET code will not be able to remove the custom headers defined in web.config.

The clear element clears the configuration of the custom headers element-- it does not clear the headers from the response itself. It is a way of resetting the configuration if you have inherited configuration values (e.g. if there is a customHeaders element in machine.config and you wish to override it at the site level).



来源:https://stackoverflow.com/questions/42168144/asp-net-iis-when-do-customheaders-in-the-web-config-get-added-to-the-page

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!