Re: Behavior of security headers

Hello, I guess the 'problem' you are struggling with is one you seem to inflict to yourself. As Valentin explained, and as it is the case with other directives as well ( fastcgi_param immediately comes to my mind), if you

Re: Behavior of security headers

OK, if I understand this right - in my original config I have 2 additional add_header (cache-control) directives in /image location. And these 2 directives prevent that the security headers will be applied on server level? It seems so as this will explain why it works when I apply the sec.headers o

Re: Behavior of security headers

On Monday 26 January 2015 08:38:08 okamzol wrote: > That's exactly the point - I wanted to set these headers on server level to > become valid for the whole domain and all inherent location blocks. This > avoids the need to repeat all headers in each location... > But are you sure, that you don't

Re: Behavior of security headers

That's exactly the point - I wanted to set these headers on server level to become valid for the whole domain and all inherent location blocks. This avoids the need to repeat all headers in each location... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256270,256273#msg-256273 ___

Re: Behavior of security headers

On Monday 26 January 2015 06:19:54 okamzol wrote: > Hi, > > I've a question regarding the different security headers > (Content-Security-Policy, etc.) which can be set via add_header. > In the docs it is mentioned that "add_header" can be set on every level > (http, server, location). So i tried

Behavior of security headers

Hi, I've a question regarding the different security headers (Content-Security-Policy, etc.) which can be set via add_header. In the docs it is mentioned that "add_header" can be set on every level (http, server, location). So i tried to set some security related header in the server block relate