[英]nginx - replacing header
我有一個 integrations.conf 文件,如下所示:
http {
map $http_host $csp_header {
default "'self'";
"~*.*\.something.com" "https://*.something.ai https://*.something.com";
"~*.*\.something.ai" "https://*.something.ai https://*.something.com";
}
include common/base.conf;
include common/secure_headers.conf;
server {
location ~ /api {
include some_other_file.conf
}
}
...
}
secure_headers.conf 如下所示:
add_header X-Frame-Options "sameorigin";
add_header Content-Security-Policy "frame-ancestors $csp_header";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
現在,對於特定路徑“/api/this-path”,我想將x-frame-options
和context-security-policy
標頭的值替換為:
X-Frame-Options "*";
Content-Security-Policy "frame-ancestors *";
我怎樣才能做到這一點?
如果您嘗試額外map
塊怎么辦?
map $uri $csp_value {
~^/api/this-path "frame-ancestors *";
default "frame-ancestors $csp_header";
}
map $uri $xfo_value
~^/api/this-path "*";
defalut "sameorigin";
}
...
server {
...
add_header X-Frame-Options $xfo_value;
add_header Content-Security-Policy $csp_value;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
...
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.