[4.0]Make sure we do not add one header twice but we support to set a different header per client.

[zero-24]

Pull Request for Issue #30962 cc @PhilETaylor

Summary of Changes

Make sure we do not add one header twice but we support to set a different header per client.

Testing Instructions

Setup Plugins -> System - HTTP Headers as this screenshot:

Actual result BEFORE applying this Pull Request

Content-Security-Policy: TWO

Expected result AFTER applying this Pull Request

Content-Security-Policy: ONE

Documentation Changes Required

None

@PhilETaylor I'm not sure whether we should block the save as it could be valid to configure two headers with the same value. e.g. one for the backend and one for the frontend. With this change here we make sure only the first configured per site (or for both) is choosen. I'm not sure how to cleanly validate the subform at that point other than hooking into the onExtensionBeforeSave Event but than this pugin would be triggered on all extension saves does not sound that optimal to me?

[adj9]

I have tested this item ✅ successfully on a004fa3

done :)

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31128.}

[Giuse69]

hi, the PR works but why not having a javascript check to warn the user that the same header with the same client is already set when fill the second one? There might more even more effective solutions (like to disable options when already set) but probably not worth the effort.
I think it's useful to at least inform the user that what he has set (multiple values for same header/client) is not what he will get (correctly with this patch but we need to inform the user of the "mistake" if not prevent)

[zero-24]

the PR works but why not having a javascript check to warn the user that the same header with the same client is already set when fill the second one?

hmm I get the point but I'm no JS expert do you know how to implement such check in the subform? The other way around could be a validation rule I guess.

[ceford]

I have tested this item ✅ successfully on a004fa3

It is not so obvious that you look for the result in the headers sent. I was expecting the form to changes! Anyway, I used my browser HTTP Header Live tool and could see the the change from TWO to ONE as described.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31128.}

[Giuse69]

hmm I get the point but I'm no JS expert do you know how to implement such check in the subform? The other way around could be a validation rule I guess.

yes, maybe better validate server-side the configuration of the plugin when saving and not accepting the save operation when parameters, also displaying an error message

[vijaykhollam]

I have tested this item ✅ successfully on 376a8cb

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31128.}

[tushar33]

I have tested this item ✅ successfully on 376a8cb

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31128.}

[richard67]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31128.}

[richard67]

There is a strange error shown in drone for javascript-cs, but that's not related to this PR.

[richard67]

Thanks!