Am 01.07.2021 um 16:41 schrieb Boris Borzic:
> Please have a look at the FilterRequest function in WEBSERVE.PRG included
> with v4.1. Some of these settings have been included, you can add your own.
> Also, whenever you upgrade versions, I strongly recommend to compare the
> included source code with previous versions as well as your own versions of
> these. The changes in source code may include bug fixes, security updates
> and best practice experience.
thank you very much - I did as advised but it is not working. The
headers are ignored.
My function looks similar to yours:
Local cHost := oClient:HTTPRequest:Host()
Local cPath := oClient:HTTPRequest:Path()
"max-age=31536000; includeSubDomains; preload")
"default-src 'none'; script-src 'self'; connect-src 'self'; img-src
'self'; style-src 'self';base-uri 'self';form-action 'self'")
if valtype( cHost ) == "U"
cHost := ""
if valtype( cPath ) == "U"
cPath := ""
if ".php" $ cPath .or. ".cgi" $ cPath .or. "cgi-bin" $ cPath
.or. ".asp" $ cPath
oClient:NoLog := .t.
if MEMVAR->lForceHttps .and. !empty( cHost ) .and.
oClient:HTTPResponse:StatusCode := 301
oClient:HTTPResponse:Location("https://" + cHost +
When using a browsers object inspector, I do not see those headers being
I am using no static html-pages - all pages are been built in-memory and
returned to the client. Would I have to set those headers inside each of
those functions building a page?