• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue newline character in nginx headers should not be accepted

johnrdorazio

Basic Pleskian
I recently ran into an issue when updating the Content Security Policy in my nginx headers, using the "Additional nginx directives" textarea for a domain. I started getting an ERR_HTTP2_PROTOCOL_ERROR on Chrome and Edge, but not on Firefox. I couldn't for the life of me figure out why, for such a simple change in the headers, I had simply added a new domain to the accepted `script-src` list of domains), but I figured I would try to undo the change by removing the new domain I had added. Still no luck, still getting same error on Chrome and Edge. I was looking into all sorts of solutions on stackoverflow, which suggested turning gzip on or off, or making sure the declared size of the document corresponded with the actual size... I finally found the problem when issuing `curl -v https://mydomain.example`, I could see the newline in the middle of the Content Security Policy header. Funny thing is I couldn't see it from the Plesk interface because it was occurring right near where a natural break would have occurred anyways in the textarea. After making sure that newline character was gone, my website started responding correctly again both on Chrome and Edge.

I would suggest that the Plesk "linting" when saving the headers check for newline characters within a single header, and issue a warning if one is found. Firefox seems to not complain, but Chrome and Edge will not like it.
 
Back
Top