• Resolved timo0306

    (@timo0306)


    ENV: Latest WP, latest Cache-Enabler-Version, no other Cache-Plugins installed, Multisite-Installation, NGINX

    TASK: Add security-headers by functions.php, e.g.
    header('X-Frame-Options: SAMEORIGIN');

    PROBLEM: headers won't be added if cache-enabler caches (which would be the main purpose of this plugin :-))

    DESC: I’ve been investigating an irritating error on our website: after adding security headers like Content-Security-Policy or Strict-Transport-Security, they went away after a time. At first I blamed my hoster: if I changed my predetermined config for WordPress, all would be fine. After reloading the site, my custom headers went away – after restarting the webserver, all would be fine. If the header “X-Cache-Handler: wp” is present – which indicates cache-enabler is fine – my own headers are gone.
    OK – that seems to be a problem with cache-enabler – if cache-enabler delivers cached sites, my own headers go away.
    Commenting out all lines regarding setting headers from line 46 to 94 in advanced-cache.php wouldn’t solve the problem. Deleting everything inside “if ( is_readable( $path_html)” e.g. solved one problem – headers are fine, but cache-enabler won’t work because “// deliver cached file (default) readfile( $path_html );” should be removed too to get working headers.

  • Have you tried adding the custom headers via your Nginx config instead?

    Thread Starter timo0306

    (@timo0306)

    No, that’s not possible. The Nginx config is editable by my hoster only; in my account I can only add redirects for nginx.

    By default, the cache enabler bypasses PHP in order to run faster. You can however disable this by going to your wp-config.php file and setting define('WP_CACHE', true); to define('WP_CACHE', false);

    You may see a slight decrease in performance, however this will allow you to process PHP again.
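A check for the behaviour discussed in this thread, as an added example that is not part of the original posts or the plugin's code: it compares the security headers on a PHP-rendered response with those on a later cache-served one. The sample header dumps are constructed, and the function names are hypothetical.

```python
"""Compare security headers on PHP-rendered vs. cache-served responses."""
import urllib.request

# Headers named in the thread; extend with whatever your policy requires.
REQUIRED = ("x-frame-options", "content-security-policy",
            "strict-transport-security")

def parse_headers(raw):
    """Parse a `curl -sI` style dump into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def fetch_raw(url):
    """Live use: GET the page and return its headers in the same dump format."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return f"HTTP/1.1 {resp.status}\n{resp.headers}"

def missing(raw):
    """Required security headers absent from one response."""
    headers = parse_headers(raw)
    return [name for name in REQUIRED if name not in headers]

def dropped_by_cache(first_raw, second_raw):
    """Required headers present on the first response but not on the second."""
    first, second = parse_headers(first_raw), parse_headers(second_raw)
    return [h for h in REQUIRED if h in first and h not in second]

# Constructed samples: first request rendered by PHP, second served from cache.
UNCACHED = """HTTP/2 200
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self'
"""
CACHED = """HTTP/2 200
content-type: text/html; charset=UTF-8
x-cache-handler: wp
"""

if __name__ == "__main__":
    print("missing on first request: ", missing(UNCACHED))
    print("missing on cached request:", missing(CACHED))
    print("dropped once cached:      ", dropped_by_cache(UNCACHED, CACHED))
```

For a live site, pass two successive `fetch_raw(url)` results to `dropped_by_cache`; a non-empty list means the headers are only being set by PHP and are lost when the cached file is delivered.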

    Thread Starter timo0306

    (@timo0306)

    Thanks a lot. Didn’t know what happens exactly if setting WP_CACHE to false, thanks for this information. I got my “A” back on securityheaders.io 🙂 And because of nginx and http2 (and cache enabler of course 🙂) I’m still far below 1s loadtime. Great!

    You can however disable this by going to your wp-config.php file and setting define('WP_CACHE', true); to define('WP_CACHE', false);

    That was a nice little workaround. Thanks.


The topic ‘own headers are blocked’ is closed to new replies.