Only set headers in apache if they don't exist

"Header always setifempty" does not work with proxied requests, as the
header from the response is added in the second header table.  This
means both tables want to set the headers.  The only way out seems to
check by hand if the header already exists somewhere.

Signed-off-by: Bastian Blank <waldi@debian.org>

diff --git a/modules/apache2/files/headers b/modules/apache2/files/headers
index 15d3b08..89e6933 100644 (file)
--- a/modules/apache2/files/headers
+++ b/modules/apache2/files/headers
@@ -1,9 +1,9 @@
 <IfModule mod_headers.c>
   Header set X-Clacks-Overhead "GNU Terry Pratchett"
 
-  Header always setifempty X-Content-Type-Options "nosniff"
-  Header always setifempty X-Frame-Options "sameorigin"
-  Header always setifempty Referrer-Policy "no-referrer"
-  # Header always setifempty X-Xss-Protection "1; mode=block"
-  Header always setifempty X-Xss-Protection "1"
+  Header always set X-Content-Type-Options "nosniff" "expr=-z %{resp:X-Content-Type-Options}"
+  Header always set X-Frame-Options "sameorigin" "expr=-z %{resp:X-Frame-Options}"
+  Header always set Referrer-Policy "no-referrer" "expr=-z %{resp:Referrer-Policy}"
+  # Header always set X-Xss-Protection "1; mode=block" "expr=-z %{resp:X-Xss-Protection}"
+  Header always set X-Xss-Protection "1" "expr=-z %{resp:X-Xss-Protection}"
 </IfModule>