Overwrite HTTP headers comming back from a web application server proxied in nginx

nginx reverse-proxy http-headers

7,616

It seems that adding proxy_hide_header Content-Security-Policy; did the trick.

7,616

Author by

cis

Web Developer and DevOps. I like to model reality into software: Structure the data, then make it flow the way I want. Code it, deploy it, maintain it - however complex it might become. I have a background in humanities (medieval history).

Updated on September 18, 2022

Comments

cis over 1 year
I have a web application server reverse-proxied behind nginx 1.15 like so:
```
location / {
   proxy_pass https://some.awesome.IP:8080;
   proxy_set_header Host            $host;
   proxy_set_header X-Forwarded-For $remote_addr;
}
add_header Content-Security-Policy "default-src 'self'; frame-ancestor https://subdomain.domain.org 'self'";
```
Now this web application server thinks it would be a good idea to set the Content-Security-Policyheader to frame-ancestors 'self' - which destroys my front-end since I need to wrap that page in an iframe being hosted at https://subdomain.domain.org.

So, how can I in nginx change/overwrite/delete headers coming back from web application server before passing the response to the client? add_header is obviously ignored here.
- Tim over 5 years
  
  I have instructions on how to change Nginx headers here
- cis over 5 years
  
  @Tim I cannot see in how far "Setting Cache Control Headers" relates to my problem.
- Tim over 5 years
  
  You asked how to change headers coming back from an application server before sending them to the client. Cache control headers are just regular headers, you can use the same technique to change any header. I do this for headers sent from Wordpress that disable caching, to enable caching so the CDN can cache resources worldwide. It might not help your specific issue, but is relevant for this kind of problem.