Add Vary: Accept header and document nginx content negotiation config#3548
Add Vary: Accept header and document nginx content negotiation config#3548mich-elle-luna wants to merge 2 commits into
Conversation
- Add Vary: Accept to all hugo serve responses so caches know responses vary by Accept header - Serve .html.md files with Content-Type: text/markdown during local dev - Document the production nginx config needed for HTTP-level content negotiation (Accept: text/markdown → serve index.html.md) in AI_AGENT_DEVELOPER_GUIDE.md The <link rel="alternate" type="text/markdown"> element is already generated for every page by the AlternativeOutputFormats loop in baseof.html — no changes needed there. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
|
I don't know much about the server config but below is what the LLMs had to say about it. This might be a job for the new Content negotiation review — verdictTwo independent reviews (Claude + Codex) of the content-negotiation setup in Agreed findings (both reviewers)
Caught by Codex (highest impact)
Caught by Claude
Suggested priority
Reviewed by Claude (Opus 4.8) and Codex; no code changed. |
- Add home to [outputs] so the homepage and taxonomy pages emit
.html.md and .json variants (previously fell back to [HTML, RSS])
- Fix nginx Content-Type: use types{} block instead of add_header so
.md files get the correct MIME from the types table rather than a
header that can't override nginx's own content-type
- Add always flag to all Vary: Accept add_header directives so the
header is sent on non-2xx responses (404/5xx) for cache correctness
- Harden Accept map: exclude q=0 (explicit refusal) to avoid serving
markdown to clients that don't want it
- Fix rewrite regex: replace [^.]+ (skips dot-paths) with [^.]*[^/]
so version directories (7.4/) and dotless paths are handled correctly
- Clarify dev server limitation: hugo serve sets headers only and does
not perform Accept-based rewriting; full negotiation requires nginx
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 951b34e. Configure here.
| # are intentionally left to try_files so they resolve normally. | ||
| if ($use_markdown) { | ||
| rewrite ^(.*/)$ $1index.html.md last; | ||
| rewrite ^(/[^.]*[^/])$ $1/index.html.md last; |
There was a problem hiding this comment.
Trailing-slash rewrite ignores dot exclusion
Medium Severity
The guide states paths with a dot (e.g. version segments like 7.4/) skip negotiation and use try_files, but the first rewrite ^(.*/)$ runs for every trailing-slash URL when Accept selects markdown. Those dotted paths still rewrite to index.html.md, which can 404 or return markdown where normal HTML index resolution was intended.
Reviewed by Cursor Bugbot for commit 951b34e. Configure here.
2 participants
The element is already generated for every page by the AlternativeOutputFormats loop in baseof.html — no changes needed there.
Note
Low Risk
Changes are limited to Hugo config, dev-server headers, and operator documentation; no application logic or auth paths are modified.
Overview
Improves agent-ready HTTP behavior for markdown alternates: local
hugo servenow sendsVary: Accepton all responses andContent-Type: text/markdownfor*.html.md, and the homepage is included in Hugo[outputs]so it builds Markdown (and JSON) like sections and pages.Adds a Production Configuration for Agent Readiness section to
AI_AGENT_DEVELOPER_GUIDE.mdwith a full nginx recipe (Accept: text/markdown→ rewrite toindex.html.md, MIME mapping,Vary), plus a note thathugo servedoes not rewrite by Accept—only production (or CDN) rules enable true negotiation. No template changes; alternate<link>tags remain from existingAlternativeOutputFormatsinbaseof.html.Reviewed by Cursor Bugbot for commit 951b34e. Bugbot is set up for automated code reviews on this repo. Configure here.