underscores_in_headers

The `underscores_in_headers` directive allows the use of underscores in HTTP header names.

Syntax: `underscores_in_headers on | off;`
Default: `off`
Context: `http`, `server`
Arguments: flag

Description

By default, NGINX does not permit underscores in HTTP header names for security reasons, specifically to avoid possible conflicts with certain header parsing behavior.

The `underscores_in_headers` directive modifies this restriction. It can be set to `on` or `off`, where `on` permits the use of underscores in header names. This is particularly useful when working with specific APIs or clients that rely on header names containing underscores.

This directive can be used in the `http` or `server` contexts, allowing for global or server-specific configuration. When enabled, it applies to all headers processed by NGINX, influencing both incoming request headers and outgoing response headers.

Config Example

http {
    underscores_in_headers on;

    server {
        location / {
            # server configuration
        }
    }
}

Enabling underscores in headers may expose your application to potential issues with certain proxies or clients that do not handle such headers well.

Ensure that functionality relying on underscores is thoroughly tested post-configuration change.
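The following is an added example, not part of the original page or of the NGINX documentation. It limits the setting to the one listener that needs it and strips the underscore look-alike of a header the proxy itself sets, because CGI-style backends upper-case header names and map `-` to `_`, so `X-Real-IP` and `X_Real_IP` both arrive as `HTTP_X_REAL_IP`. The host name, port, upstream address and the choice of `X-Real-IP` are assumptions made for illustration.

```nginx
http {
    # Keep the default for every other listener.
    underscores_in_headers off;

    server {
        # A server-level value is only honoured on the default server of a
        # listen address:port and then applies to every virtual server
        # sharing that address:port, so give the legacy API its own listener.
        listen 8080 default_server;
        server_name legacy-api.example.test;    # hypothetical name

        # Accept names such as "api_key" from the clients of this API only.
        underscores_in_headers on;

        location / {
            # Header this proxy sets itself; the value comes from NGINX, not the client.
            proxy_set_header X-Real-IP $remote_addr;

            # An empty value means the field is not passed upstream, so a
            # client-supplied "X_Real_IP" cannot collide with the header above
            # in a backend that folds "-" and "_" together.
            proxy_set_header X_Real_IP "";

            proxy_pass http://127.0.0.1:9000;   # hypothetical upstream
        }
    }
}
```

Repeat the empty `proxy_set_header` line for each header the backend trusts from the proxy, and validate the file with `nginx -t` before reloading.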
