Contents x
    Modify First Party Response
    • 11 Jul 2023
    • Print
    • Dark
      Light
    Contents

    Modify First Party Response

    • Updated on 11 Jul 2023
    • Print
    • Dark
      Light
    Article Summary

    This feature executes on vcl_deliver only for first party requests (Sensor, CAPTCHA, XHR).

    You can use it to edit response headers, like CORS or other security features.

    The code in vcl_deliver after px_deliver is still executed even if this feature is implemented.


    EXAMPLE 1

    By default, HUMAN returns '*' for the Access-Control-Allow-Origin header on first party responses.

    TO overwrite this behavior:

    1. Open the PX_CUSTOM.vcl file.
    2. Uncomment the unset resp.http.Access-Control-Allow-Origin line:
    sub px_custom_first_party_response_modifier {
  unset resp.http.Access-Control-Allow-Origin;
}


    EXAMPLE 2

    You can tell browsers that only HTTPS is allowed.

    TO implement:

    1. Open the PX_CUSTOM.vcl file.
    2. Uncomment the set resp.http.Strict-Transport-Security = "max-age=86400" line:
    sub px_custom_first_party_response_modifier {
  set resp.http.Strict-Transport-Security = "max-age=86400";
}

    TEST
    1. Set the required request using px_custom_first_party_response_modifier as shown above.
    2. Send the request to /<appId without px>/init.js.
    3. Make sure the response contains the result set in the request.



    Was this article helpful?
    What's Next