Unable to set header containing JSON in Caddy v2 b15

I'm trying to set the `Report-To` header to a value that is JSON. I've tried various attempts at escaping braces and quotes but have been unable to set the header value to valid JSON. For more details on the attempts I have tried, see below.

I believe this is a sensible feature request based on increased use of this specification: [Reporting API, W3C Working Draft, 25 September 2018](https://www.w3.org/TR/reporting-1/).

This feels like a feature request rather than a bug as the documentation doesn't not explicitly indicate that JSON header values are supported. If we don't want to support JSON (or the use of `{`, `}`) in header values, we could detail this behaviour in the documentation to clarify this.

I haven't yet tracked down the lines in the source code responsible for parsing header definitions in the Caddyfile. I'll update this issue if I do.

This appears to have been fixed in: #2063 but I believe the behaviour described there is reproducible in the latest beta.

---

### 1. My Caddy version (`caddy version`):
`v2.0.0-beta.15 h1:Td1esMk7bebftnoBuT3gOqUGxew5HqdIKw3s36S8tNw=`


### 2. How I run Caddy:


#### a. System environment:

```plain
Linux blog 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
```

I'm using the DIgital Ocean image but have upgraded Caddy to the latest version `v2.0.0-beta.15`.


#### b. Command:

I'm using `systemctl`. The following command is how I reload after a configuration change.
```
systemctl reload caddy
```

#### c. Service/unit/compose file:

`cat /etc/systemd/system/caddy.service`

```plain
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --resume --environ
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```

#### d. My complete Caddyfile or JSON config:

```plain
blog.glvr.io {
  root * /var/www/html
  file_server
  encode gzip zstd

  header {
    -Server
    Referrer-Policy no-referrer
    X-Xss-Protection "1; mode=block; report='https://bill.report-uri.com/r/d/xss/enforce'"
    Report-To "\{'group':'default','max_age':3600,'endpoints':[\{'url':'https://bill.report-uri.com/a/d/g'\}],'include_subdomains':true\}"
    X-Content-Type-Options nosniff
    Content-Security-Policy "default-src 'self'"
  }
}
```

### 3. The problem I'm having:

I'm trying to set the `Report-To` header to a value that is JSON.

```plain
{'group':'default','max_age':3600,'endpoints':[{'url':'https://bill.report-uri.com/a/d/g'}],'include_subdomains':true}
```
I've tried various attempts at escaping braces and quotes but have been unable to set the header value to valid JSON. For more details on the attempts I have tried, see below.

### 4. Error messages and/or full log output:

```plain
~# curl -XGET -I https://blog.glvr.io

HTTP/2 200 
accept-ranges: bytes
content-security-policy: default-src 'self'
content-type: text/html; charset=utf-8
etag: "q6kdmr6l9"
last-modified: Mon, 02 Mar 2020 11:37:39 GMT
referrer-policy: no-referrer
report-to: \],'include_subdomains':true\}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report='https://bill.report-uri.com/r/d/xss/enforce'
content-length: 8541
date: Wed, 04 Mar 2020 10:50:52 GMT
```

### 5. What I already tried:


I've tried a couple of things:

1. No escaping at all

   **config:** `Report-To "{'group':'default','max_age':3600,'endpoints':[{'url':'https://bill.report-uri.com/a/d/g'}],'include_subdomains':true}"`
   **result:** `report-to: ],'include_subdomains':true}`

2. Escape all the `{`

   **config:** `Report-To "\{'group':'default','max_age':3600,'endpoints':[{'url':'https://bill.report-uri.com/a/d/g'}],'include_subdomains':true\}"`
   **result:** `report-to: ],'include_subdomains':true}`

3. Escape the outer `{`

   **config:** `Report-To "\{'group':'default','max_age':3600,'endpoints':[{'url':'https://bill.report-uri.com/a/d/g'}],'include_subdomains':true\}"`
   **result:** `report-to: \],'include_subdomains':true\}`

### 6. Links to relevant resources:

* I've found this previous question that appears to describe the same issue: [Header containing JSON](/t/header-containing-json/3468).
* This question links through to this PR: [ httpserver.Replacer: Rework loop to ignore escaped placeholder braces](https://github.com/caddyserver/caddy/pull/2075/files) which has been merged.
* This fix does not appear to have made it into the `v2` branch: https://github.com/caddyserver/caddy/blob/v2/modules/caddyhttp/replacer.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Unable to set header containing JSON in Caddy v2 b15 #3116

1. My Caddy version (`caddy version`):

2. How I run Caddy:

a. System environment:

b. Command:

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

3. The problem I'm having:

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Unable to set header containing JSON in Caddy v2 b15 #3116

Description

1. My Caddy version (caddy version):

2. How I run Caddy:

a. System environment:

b. Command:

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

3. The problem I'm having:

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

1. My Caddy version (`caddy version`):