• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue newline character in nginx headers should not be accepted

J

johnrdorazio

Basic Pleskian
I recently ran into an issue when updating the Content Security Policy in my nginx headers, using the "Additional nginx directives" textarea for a domain. I started getting an ERR_HTTP2_PROTOCOL_ERROR on Chrome and Edge, but not on Firefox. I couldn't for the life of me figure out why, for such a simple change in the headers, I had simply added a new domain to the accepted `script-src` list of domains), but I figured I would try to undo the change by removing the new domain I had added. Still no luck, still getting same error on Chrome and Edge. I was looking into all sorts of solutions on stackoverflow, which suggested turning gzip on or off, or making sure the declared size of the document corresponded with the actual size... I finally found the problem when issuing `curl -v https://mydomain.example`, I could see the newline in the middle of the Content Security Policy header. Funny thing is I couldn't see it from the Plesk interface because it was occurring right near where a natural break would have occurred anyways in the textarea. After making sure that newline character was gone, my website started responding correctly again both on Chrome and Edge.

I would suggest that the Plesk "linting" when saving the headers check for newline characters within a single header, and issue a warning if one is found. Firefox seems to not complain, but Chrome and Edge will not like it.
 
You must log in or register to reply here.

Similar threads

Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
384
yfain
Y
adocsys
Resolved How to add HTTP Security Header on port 80?
Replies
3
Views
2K
adocsys
adocsys
A
Question How to use Clear-Site-Data header rule to clear browser cache
Replies
2
Views
3K
AntoineW
A
S
Question Issue with Multilingual SvelteKit Website on Plesk: Nginx Proxy to Apache Configuration
Replies
0
Views
1K
st3v3y
S
P
Resolved Nginx HTTP3 cause invalid redirect on WordPress
Replies
2
Views
3K
Paulo_o
P
Back
Top