Duplicate security headers are being sent in production, causing issues in Safari
Closed this issue · 1 comments
UncleClapton commented
Describe the bug
On fuelrats.dev
and fuelrats.com
, security headers are sent by NGINX. next-safe
sends the same headers, causing duplicates. This reeks havoc in Safari, where duplicate headers are concatenated instead of overwritten like other browsers.
The fix for this is to submit a PR to next-safe
allowing us to disable specific features, then disable security features depending on dev mode
Expected behavior
No duplicate headers!
Steps to reproduce
N/A
Additional Information (optional)
No response
FuelRats IRC Nickname (optional)
No response
I can help!
- I am willing to fix to this issue, and submit it as a PR.
UncleClapton commented
fixed in develop commit d1c6dcd