Running a linter such as gixy on the default config yields warnings that headers are dropped with add_header:
>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
Reason: Parent headers "x-xss-protection", "x-content-type-options", "content-security-policy" was dropped in current level
This is a really sneaky problem, please fix the example config (unfortunately I'm not aware of any "nice" way of fixing this without either splitting headers in another file or using an extension, which is why I'm posting an issue rather than a PR :/)
(BTW while I'm nitpicking about the nginx config, my initial nginx config was just proxying both domains to ports 3000 and 3001 but the comments in config.example.js are wrong about the port httpSafePort. it doesn't default to other port +1, it just doesn't listen if not set - i had to uncomment it to work)
Running a linter such as
gixyon the default config yields warnings that headers are dropped with add_header:This is a really sneaky problem, please fix the example config (unfortunately I'm not aware of any "nice" way of fixing this without either splitting headers in another file or using an extension, which is why I'm posting an issue rather than a PR :/)
(BTW while I'm nitpicking about the nginx config, my initial nginx config was just proxying both domains to ports 3000 and 3001 but the comments in config.example.js are wrong about the port httpSafePort. it doesn't default to other port +1, it just doesn't listen if not set - i had to uncomment it to work)