FuelRats/fuelrats.com

Duplicate security headers are being sent in production, causing issues in Safari

Closed this issue · 1 comment

Describe the bug

On fuelrats.dev and fuelrats.com, security headers are sent by NGINX. next-safe sends the same headers, causing duplicates. This wreaks havoc in Safari, where duplicate headers are concatenated instead of overwritten like other browsers.

The fix for this is to submit a PR to next-safe allowing us to disable specific features, then disable security features depending on dev mode.

Expected behavior

No duplicate headers!

Steps to reproduce

N/A

Additional Information (optional)

No response

FuelRats IRC Nickname (optional)

No response

I can help!

  • I am willing to fix this issue, and submit it as a PR.

fixed in develop commit d1c6dcd
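
An added example, not part of the original issue or the project's code: a check that flags security headers sent more than once in a response (as when a reverse proxy and an app-level helper both set them) and shows the value a client sees if it joins the copies. The watch list, function name and sample headers are assumptions constructed for illustration.

```javascript
// Headers commonly set by both a reverse proxy and an app-level helper.
// This watch list is an assumption for the example, not taken from the issue.
const WATCHED = new Set([
  'content-security-policy',
  'strict-transport-security',
  'x-frame-options',
  'x-content-type-options',
  'referrer-policy',
  'permissions-policy',
]);

// rawHeaders: flat [name, value, name, value, ...] array, the shape of
// Node's http.IncomingMessage.rawHeaders, which keeps repeated field lines.
function findDuplicateHeaders(rawHeaders, watched = WATCHED) {
  const seen = new Map();
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    const name = rawHeaders[i].toLowerCase(); // field names are case-insensitive
    if (!watched.has(name)) continue;
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(rawHeaders[i + 1].trim());
  }
  const report = [];
  for (const [name, values] of seen) {
    if (values.length < 2) continue; // sent once: nothing to report
    report.push({
      name,
      count: values.length,
      // What a client sees if it joins repeated field lines into one value.
      combined: values.join(', '),
      // True when every copy carries the same value.
      identical: new Set(values).size === 1,
    });
  }
  return report;
}

// Constructed sample: proxy and app each emit the same headers.
const SAMPLE_RAW_HEADERS = [
  'Content-Type', 'text/html; charset=utf-8',
  'X-Frame-Options', 'DENY',
  'x-frame-options', 'DENY',
  'X-Content-Type-Options', 'nosniff',
  'Referrer-Policy', 'strict-origin-when-cross-origin',
  'Referrer-Policy', 'no-referrer',
];

console.log(findDuplicateHeaders(SAMPLE_RAW_HEADERS));
```

Run against `res.rawHeaders` from a request to the deployed site rather than the app alone, since the duplicates only appear once the proxy is in the path.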