Fix headers added by node for the recommended config
parent
920c307608
commit
fde6f15270
1 changed files with 4 additions and 12 deletions
|
@ -127,23 +127,15 @@ var getHeaders = function (Env, type) {
|
|||
csp = Default.contentSecurity(Env);
|
||||
}
|
||||
headers['Content-Security-Policy'] = csp;
|
||||
|
||||
if (Env.NO_SANDBOX) { // handles correct configuration for local development
|
||||
// https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
|
||||
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
||||
headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
|
||||
}
|
||||
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
||||
headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
|
||||
cacheHeaders(Env, key, headers);
|
||||
|
||||
// Don't set CSP headers on /api/ endpoints
|
||||
// because they aren't necessary and they cause problems
|
||||
// when duplicated by NGINX in production environments
|
||||
if (type === 'api') {
|
||||
cacheHeaders(Env, key, headers);
|
||||
return headers;
|
||||
}
|
||||
if (type === 'api') { delete headers['Content-Security-Policy']; }
|
||||
|
||||
headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
|
||||
cacheHeaders(Env, key, headers);
|
||||
return headers;
|
||||
};
|
||||
|
||||
|
|
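Review bot: The one-line `if (type === 'api') { delete headers['Content-Security-Policy']; }` changes what is cached only if it runs before the remaining `cacheHeaders(Env, key, headers);` call, or if the cache keeps the object by reference. The rendered page has lost its +/- markers, so it is not certain from here which of the `cacheHeaders` calls remains. If the one kept sits above the comment block and the cache copies the object, later cache hits for `api` would still carry the CSP; keeping a single `cacheHeaders(Env, key, headers);` directly above `return headers;` avoids depending on that. Separately, `Cross-Origin-Resource-Policy` and `Cross-Origin-Embedder-Policy` now appear to be set outside the `Env.NO_SANDBOX` guard, whose comment pointed at duplicate-header problems. If that is intended, a comment such as `// CORP/COEP are set by node for every deployment; the reverse proxy must not add them again` would record the assumption. `getHeaders` begins before this hunk, so how `key` and the cache lookup interact with `type` is not visible.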