94

I'm looking to add custom HTTP response headers to a Ruby on Rails app that is currently hosted on Heroku.

Improve this question

7 Answers 7

Reset to default
146

Use:

response.headers['HEADER NAME'] = 'HEADER VALUE'

either in a specific method or to a before_filter method of your application controller depending on whether you need this to be added in a specific or to all of your responses.

UPDATE for Rails 5 - February 24th, 2018

As noted by @BrentMatzelle in the comments, for Rails 5:

response.set_header('HEADER NAME', 'HEADER VALUE')
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Make sure that the value you set is a string, otherwise pow will give you strange errors
To add this to all actions in the controller use a after_action.
This is not correct. You should not really access the response object. See instead: stackoverflow.com/a/44743475/1028679 and read the the comments!
The BrentMatzelle comment is gone. Why is response.set_header('HEADER NAME', 'HEADER VALUE') preferred now?
24

In rails 5, the following solution works (in action methods)

response.set_header("Header-Name", "Header value")

Reference: edgeapi

Improve this answer

Comments

23

In Rails 3 or above, simply

headers['Header-Name'] = 'header value'

works in controllers. This is even the recommended way; according to the documentation,

Response is mostly a Ruby on Rails framework implementation detail, and should never be used directly in controllers. Controllers should use the methods defined in ActionController::Base instead. For example, if you want to set the HTTP response’s content MIME type, then use ActionController::Base#headers instead of Response#headers.

And this is still true in Rails 7.0.

Improve this answer

3 Comments

This is the most correct answer. Still most people ignore the documentation and use response object.
I don't understand the issue with using response, even the guides say "If you want to set custom headers for a response then response.headers is the place to do it." and headers are delegated from action controller to response. github.com/rails/rails/blob/v5.2.0/actionpack/lib/…
@fatfrog I think this is called encapsulation. Using the public interface is more robust, even if it simply delegates to a private interface; for example, in future the Rails team might want to add something in the headers method, which breaks you if you directly access the response. This is no new concept; in Java, many public getFoo() methods simply get you the private variable this.foo.
9

In rails 4, set the response headers in the application.rb or respective environment files. Once you done that, you can override the header value wherever you required in the controller. Refer this url for more details.

Improve this answer

Comments

5

If your headers are static, e.g. your own custom Server header, you can simply update config.action_dispatch.default_headers. The following example sets a custom Server header; add it to your config/application.rb or config/environments/...:

config.action_dispatch.default_headers["Server"] = "MyServer/#{config.version}"

(Assuming you set config.version earlier)

For more, see Rails Guides: Configuring Rails Applications: Configuring Action Dispatch:

config.action_dispatch.default_headers is a hash with HTTP headers that are set by default in each response.

This will be less work each request than running a controller callback.

NB: For more than one header use merge! to not remove existing essential XSS etc headers.

Improve this answer

Comments

4

In rails 4 works following:

class API::V1::BaseController 
  after_action :set_version_header

  protected
    def set_version_header
        response.headers['X-ComanyName-Api-Version'] = 'V1'
    end
end
Improve this answer

Comments

0

How to set a response header, BaseCamp style:

  • Use a before_action

  • And use a concern. Basically a glorified mixin.

class ApplicationController < ActionController::Base
  include Authentication, Authorization, VersionHeaders

  # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
  allow_browser versions: :modern
end

# But let's look at the VersionHeaders module
# so all of that is set in a before_action 

module VersionHeaders
  extend ActiveSupport::Concern

  included do
    before_action :set_version_headers
  end

  private
    def set_version_headers
      response.headers["X-Version"] = Rails.application.config.app_version
      response.headers["X-Rev"] = Rails.application.config.git_revision
    end
end

## Boom - that's where the response headers are set.
## Not sure why anyone would care about the git_revision though.
## Would love someone to explain that to me.
## This is an excerpt from the WriteBook code base. Shamelessly copied without permission here. But I'm 100000% sure the base camp guys would not care, and would rather commend me for contributing to the learning of Rails / ruby.
# My thanks to them for providing me the source code from which I can learn.
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.