Adding custom HTTP headers to nginx X-Accel-Redirect

Asked 1/7, 2014 at 9:45 Answered 7/6, 2021 at 11:38

Solved ruby-on-rails nginx custom-headers x-accel-redirect

I am serving restricted downloads in rails using X-Accel-Redirect with nginx. To validate my downloads in client app, i am trying to send the checksum in the non standard HTTP header Content-MD5 to the X-Accel-Redirect request. But this is not working.

below the rails snippet used to do the redirection

headers['X-Accel-Redirect'] = '/download_public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip'
            headers['X-Accel-Expires'] = 'max'
            checksum = Digest::MD5.file(Rails.root.dirname.to_s+'/public/uploads/stories/' + params[:story_id] +'/' + params[:story_id] + '.zip').hexdigest
            headers['Content-MD5'] = checksum
            request.session_options[:skip] = true
            render :nothing => true, :content_type => MIME::Types.type_for('.zip').first.content_type

This is the nginx section

location /download_public { 
 internal;
 proxy_pass_header Content-MD5;
 add_header Cache-Control "public, max-age=315360000";
 add_header Content-Disposition "inline"; 
 alias /var/www/sss/public; 
}

This is not working apparently. I am not able to get the Content-MD5 header in my responses. Is there any way to pass my Content-MD5 header from rails?

I know there are ways to do that entirely in nginx, like compiling nginx with perl or lua and easily calculate the MD5 on the fly. But i dont want to do that.

Any help is much appreciated.

Mauri answered 1/7, 2014 at 9:45 Comment(4)

try add_header Content-MD5 $upstream_content_md5; – Mickens 1/7, 2014 at 9:53

@AlexeyTen, i got this error nginx: [emerg] unknown "upstream_content_md5" variable – Mauri 1/7, 2014 at 9:57

Oops, it's $upstream_http_content_md5. See nginx.org/r/$upstream_http_ – Mickens 1/7, 2014 at 11:29

@AlexeyTen, it works.. :) please add this as answer, i ll accept it – Mauri 1/7, 2014 at 11:34

Use add_header Content-MD5 $upstream_http_content_md5;

Since X-Accel-Redirect causes internal redirect nginx will not send returned headers, but it will keep them in $upstream_http_... variables. So you could use them.

Mickens answered 1/7, 2014 at 11:37 Comment(4)

same problem but with the aws s3 redirect. Could you please have a look at the question here #24972224 . any help is much appreciated – Mauri 26/7, 2014 at 14:35

If I am doing proxy_pass inside "internal" location - then $upstream_.. variables becomes empty. How to fix that? – Pickax 5/1, 2021 at 17:20

@Pickax ask new question – Mickens 8/1, 2021 at 14:50

nginx will not send returned headers - seems Content-Type is an exception, that header will be forwarded even without add_header – Merrilee 24/2, 2021 at 16:47

I've tried accepted answer and it doesn't work for me. But this works:

 set $authorization "$upstream_http_authorization";
 proxy_set_header Authorization $authorization; # Pass on secret from back end

(copy-pasted from this article https://clubhouse.io/developer-how-to/how-to-use-internal-redirects-in-nginx/)

It's interesting that it's important to extract variable. This does not work for me:

 proxy_set_header Authorization "$upstream_http_authorization";

Teodorateodorico answered 7/6, 2021 at 11:38 Comment(3)

This answer is underrated. I can confirm that without the variable it does not work. Thank you. – Breton 15/9, 2021 at 17:9

Yes, interesting indeed that it behaves this way. I've read and re-read the nginx docs and I'm utterly unable to understand why it should do this. Anyone with answers, please speak up! :-D – Alleviate 20/2, 2022 at 19:56

For me it only works with: more_set_headers "Content-Security-Policy: $upstream_http_content_security_policy"; (I needed to set the CSP header for a file served via X-Accel-Redirect.) – Sentience 2/11, 2022 at 23:24

Recommended topics

Hot tags