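I have an Nginx proxy setup where I add several security-related headers at the server level so that they are returned on all proxied locations. On some locations I need to add extra headers (e.g. Content-Security-Policy to /), while on other specific locations I need to remove one of the headers added at the server level (e.g. X-Frame-Options from /framepage.html).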
nginx.conf

# ...
server {
    # ...
    include security-headers.conf;

    location / {
        proxy_pass http://web:5000/;
        include security-headers.conf;
        add_header Content-Security-Policy "my csp...";
    }

    location = /framepage.html {
        proxy_pass http://web:5000/framepage.html;
        # TODO: remove `X-Frame-Options` response header from this specific page
        # Tried add_header X-Frame-Options "";
        # Tried proxy_set_header X-Frame-Options "";
        # Tried proxy_hide_header X-Frame-Options;
    }

    location /api/ {
        proxy_pass http://api:5000/;
    }

    location /otherstuff/ {
        proxy_pass http://otherstuff:5000/;
    }
    # ...
}
security-headers.conf

add_header …
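How `add_header` inheritance plays out in the setup described above, as an added example that is not part of the original post: nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own, and an `add_header` whose value is empty emits no header. The `$xfo` variable name, the `SAMEORIGIN` and `nosniff` values, the `listen` line and the inline headers standing in for the contents of `security-headers.conf` are assumptions.

```nginx
# Added example. Header values and the $xfo name are constructed for
# illustration; they stand in for whatever security-headers.conf contains.

# http context: pick the X-Frame-Options value per request URI.
map $uri $xfo {
    default          "SAMEORIGIN";
    /framepage.html  "";   # empty value: add_header emits no header at all
}

server {
    listen 80;

    # Server level. These are inherited only by locations that contain
    # no add_header directive of their own.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options $xfo always;

    location / {
        proxy_pass http://web:5000/;
        # Any add_header at this level replaces the whole inherited set,
        # so the server-level headers must be repeated next to the CSP.
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options $xfo always;
        add_header Content-Security-Policy "my csp..." always;
    }

    location = /framepage.html {
        proxy_pass http://web:5000/framepage.html;
        # No add_header here, so the server-level set is inherited.
        # $xfo is empty for this URI: X-Frame-Options is omitted while
        # X-Content-Type-Options is still sent.

        # proxy_hide_header only drops a header that the upstream itself
        # sends; it has no effect on headers added by add_header.
        proxy_hide_header X-Frame-Options;
    }

    location /api/ {
        proxy_pass http://api:5000/;
        # No add_header: inherits both server-level headers unchanged.
    }
}
```

The response for each location can be checked with `curl -sI` against the proxy; `proxy_set_header` plays no part here because it changes the request sent to the upstream, not the response sent to the client.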