Allow setting unquoted or custom flags on add_headers #1249
Conversation
|
@itbm can you please update test specs to show these conditions? Otherwise, LGTM. Thanks! |
|
nginx::location also has an |
|
I have added it to locations and updated the tests. |
| @@ -1,3 +1,11 @@ | |||
| <%- @add_header.keys.sort.each do |key| -%> | |||
There was a problem hiding this comment.
I do wonder if we should also rewrite this to @add_header.sort.each do |header, value|. I think that's the same but leads to cleaner code
templates/server/server_header.erb
Outdated
| @@ -117,7 +117,15 @@ server { | |||
| <% end -%> | |||
| <% if @add_header -%> | |||
| <%- @add_header.keys.sort.each do |key| -%> | |||
There was a problem hiding this comment.
Could we include the templates/server/locations/headers.erb template here to avoid duplication?
| @@ -146,6 +146,14 @@ server { | |||
| <% end -%> | |||
| <% if @add_header -%> | |||
| <%- @add_header.keys.sort.each do |key| -%> | |||
| @@ -146,6 +146,14 @@ server { | |||
| <% end -%> | |||
| <% if @add_header -%> | |||
There was a problem hiding this comment.
With https://github.com/voxpupuli/puppet-nginx/pull/1255/files#diff-47715bb968540f5a31b0a368f867a413R159 we can lose this line without any loss of functionality.
bastelfreak
added
enhancement
|
I have changed the sort.each and included the locations/headers.erb file in the others. |
Allow setting unquoted or custom flags on add_headers
|
I wanted to share that when attempting use the add_header in a hiera role, using the following puppet Hash would add the header to Nginx but the header would not be seen by Nginx due to not specifying the always setting in quotes: Initial Puppet settings add_header: Initial Nginx Results
add_header "Strict-Transport-Security" "max-age=31536000; includeSubDomains;" always";
When Nginx is restarted, the header is not recognized. In order to get Nginx configuration to recognize the "always" setting I had to add some extra double quotes to the puppet Hash I had in place: Updated Puppet settings Updated Nginx Results
add_header "Strict-Transport-Security" "max-age=31536000; includeSubDomains;" "always";
Wanted to share in case anyone else has runs into trying to use the add_header option from the server resource and experiences this issue. Using the add_header setting from this module was tricky, would be nice to make it easier to use the always setting in future releases.This is similar to what @benh57 experienced in #1020 |
|
Hi. add_header:
Strict-Transport-Security:
'max-age=<your time>; includeSubDomains': always
X-Frame-Options: deny
X-Content-Type-Options: nosniff
Content-Security-Policy: >-
default-src 'self'; style-src 'self';
style-src-elem; |
Allow setting unquoted or custom flags on add_headers
Allows any combination of add_headers quoting.
This solves issues highlighted in #991 #992 #1020
Double Quotes:
would produce
add_header "Access-Control-Allow-Origin" "*";Double Quotes and Unquoted
would produce
add_header "Access-Control-Allow-Origin" "*" always;Custom Quotes
would produce
add_header "Access-Control-Allow-Origin" '*' always;