I recently got h2 (HTTP 2.0) running on my server.Continue reading post "HTTP 2 on Ubuntu 18.04 with Apache and PHP"
Woo-hoo. My site is finally sending h2 (HTTP 2.0).Continue reading post "#2103"
While working on my site’s error pages, I became aware of the #save418 kerfuffle.Continue reading post "#1644"
I’ve done some more testing on the problem I mentioned before of all requests showing up as
200‘s in the Apache log on my Dreamhost shared server. I’m pretty sure it’s specific to their
Struggling to figure out why every response from my Symfony application is showing up in the log files as a ‘200’ status. I thought it was related to this and this, since I’m running under FastCGI on Dreamhost, but attempting to set a
Status header didn’t help. Setting a regular response header in a plain PHP file does work, in fact. If I use ‘mod_rewrite’ to write another URL to load that same plain file, however, the status shows as ‘200’, so it must have something to do with ‘mod_rewrite’. Must get to bed though, so I will have to try another day.
I’ve been working on the HTTP headers my site sends recently. I had been working on performance / cache related headers, but after seeing mention of a security header scanner built by Scott Helme, I decided to spend a little time implementing security related headers on my site. I don’t really know these headers that well, so I added the headers it suggested and mostly went with the recommended values. I did read up a bit on what they mean though and modified the
Content-Security-Policy as I saw fit.
I added most of the headers using a Symfony reponse event listener. This handles all of my HTML responses without sending the headers for other responses, where they aren’t necessary. The exception is the
X-Content-Type-Options, which should be set for all responses. I set that in Apache configuration.