1

I am attempting to add a custom header within a Laravel(8) response called X-Custom which works, but it places it at the top of the header stack as such:

HTTP/1.1 200 OK
Date: Mon, 01 Nov 2021 10:58:44 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Custom: 8675309
Cache-Control: no-cache, private
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Access-Control-Allow-Origin: *
Content-Length: 15
Content-Type: text/html; charset=UTF-8

Content is here

With low memory devices (an ATTiny85) the earliest header I manage to receive is X-RateLimit-Remaining: 59. So to get the X-Custom header I ideally need it to go on the bottom of the whole stack like so:

HTTP/1.1 200 OK
Date: Mon, 01 Nov 2021 10:58:44 GMT
Server: Apache/2.4.29 (Ubuntu)
Cache-Control: no-cache, private
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Access-Control-Allow-Origin: *
Content-Length: 15
Content-Type: text/html; charset=UTF-8
X-Custom: 8675309

Content is here

From what I can see Laravel returns the various headers from different files rather than all in one go so I think a simple sort is out of the question.

Is sticking a header on the end achieveable within Laravel's means?

Edit: On Chris Haas's comment it made me realise I don't need the headers as I'm only looking for one. Middleware was a dead end as it all seems to run just prior to all these Laravel headers being pushed. I have discovered if I comment out $this->sendHeaders() within symfony/http-foundation/Response.php::send() , it clears it up to this:

HTTP/1.1 200 OK
Date: Tue, 02 Nov 2021 01:21:29 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Custom: 8675309
Content-Length: 15
Content-Type: text/html; charset=UTF-8

Content is here

I think this is as clean as I can get it from Laravel. This may be enough to get these devices working but in the effort to properly answer this question I am going to see what I can do from the Apache side.

Edit2: Following this answer https://stackoverflow.com/a/24941636/3417896 I can remove the Content-Type header by setting header("Content-type:") at the same place I'm commenting out sendHeaders(), resulting in this:

HTTP/1.1 200 OK
Date: Tue, 02 Nov 2021 02:23:45 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Custom: 8675309
Content-Length: 15

Content is here

Ok now the Content-length I think remains in Apache. I saw another answer on how to remove it from php here https://stackoverflow.com/a/31563538/3417896, but it adds another header in its place.

lukebeales
  • 11
  • 3
  • 1
    Can you explain what a “low memory device” is? Or, I can guess at that probably, but more specifically, what kind of setup isn’t allowing you access to the full set of headers, but is somehow able to function as an HTTP client? – Chris Haas Nov 01 '21 at 12:21
  • It's an ATTiny85 receiving the data over a SoftwareSerial port in one burst. I believe the buffer isn't large as the chip only has 512 bytes of ram total, with 140 bytes free at the time of compilation. The buffer gets overwritten as more data arrives. So it's a delicate balance between ram, clock cycles, ordering of things, etc. – lukebeales Nov 01 '21 at 12:48
  • I doubt you will be able to rearrange _all_ of those headers in PHP, because some (like `Server` and `Date`) will be set by the web server itself. As for the ones issued by the script itself - you could try and get a list of all headers that are queued for sending using `headers_list` (will only work if the SAPI supports that), and then use `header_remove` to remove all of them, before you add them again in the desired order, using `header`. – CBroe Nov 01 '21 at 13:23
  • But if output buffering, and more importantly _flushing_ of the OB, will be used anywhere inside the application, this likely won't work, because then at the time you'd be calling `headers_list` you will probably only get an empty list. – CBroe Nov 01 '21 at 13:25
  • Is your service consumed by other things, too? Regardless, for this device I'd unset `Server` and `Access-Control-Allow-Origin`, along with any other headers that aren't needed for this device. You can do this at the server level, too. For instance, if you device is that minimal, I wouldn't think caching would even be an option, and does it really need/support the rate limit APIs? Lastly, can the payload itself be tweaked to include this information instead? Either as preamble, or wrapped in a structure? – Chris Haas Nov 01 '21 at 13:42
  • I am trying to keep the payload clean as sifting through text on these devices is difficult. The header is a nice separation. I like the idea of stripping out all headers so I have edited my question with my findings so far. – lukebeales Nov 02 '21 at 01:32

0 Answers0