Fueled/django-init

Bug: Remove duplicate headers in Response

theskumar opened this issue · 2 comments

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 11 Aug 2017 11:31:19 GMT
REQUEST_ID: e3a346aae36b41549f6613117a2bde18
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
strict-transport-security: max-age=600000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Currently it returns the above; see the duplicates for:

X-Frame-Options
x-xss-protection

The duplicate headers are because both Django & Nginx are adding these headers.
Django -

SECURE_CONTENT_TYPE_NOSNIFF = True

Nginx -

Django headers are needed only when we are deploying to service like Heroku.

Suggestions - there can be a variable in the cookie-cutter config to ask if Heroku scripts are needed, and based on that we can alter the variable,
or
we can have these variables picked up from .env, and in .env.sample we can define in comments when this needs to be set to True or False.
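A small check for the duplication described above, added here as an example and not taken from django-init. It parses a raw header block (the constructed sample is the response quoted in this issue), groups names case-insensitively (HTTP header names are case-insensitive, so `X-XSS-Protection` and `x-xss-protection` are the same header), and separates names that are merely repeated from names whose values conflict, which is the case that matters most since the two `X-Frame-Options` values disagree. The `DJANGO_SOURCE` mapping of header to Django setting is an assumption based on Django's SecurityMiddleware / XFrameOptionsMiddleware settings of that era and is used only for the hint text.

```python
"""Flag duplicated and conflicting response headers.

Added example (not django-init project code): given a raw HTTP header
block, report header names that are sent more than once, and whether the
repeated values agree or conflict.
"""
from collections import OrderedDict

# Constructed sample: the header block quoted in the issue, used as input.
SAMPLE_HEADERS = """\
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 11 Aug 2017 11:31:19 GMT
REQUEST_ID: e3a346aae36b41549f6613117a2bde18
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
strict-transport-security: max-age=600000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
"""

# Assumed mapping (Django 1.11-era SecurityMiddleware / XFrameOptionsMiddleware
# settings) from header name to the Django setting that emits it. Only used to
# hint which setting to turn off if nginx stays the single source of a header.
DJANGO_SOURCE = {
    "x-content-type-options": "SECURE_CONTENT_TYPE_NOSNIFF",
    "x-xss-protection": "SECURE_BROWSER_XSS_FILTER",
    "x-frame-options": "X_FRAME_OPTIONS / XFrameOptionsMiddleware",
    "strict-transport-security": "SECURE_HSTS_SECONDS",
}


def parse_headers(raw):
    """Return an ordered dict: lowercased header name -> list of values in wire order."""
    headers = OrderedDict()
    for line in raw.splitlines():
        if not line.strip() or ":" not in line:
            continue  # skip blank lines and anything that is not a header field
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def find_duplicates(raw):
    """Split duplicated names into 'redundant' (one value repeated) and
    'conflicting' (different values for the same name)."""
    redundant, conflicting = {}, {}
    for name, values in parse_headers(raw).items():
        if len(values) < 2:
            continue
        target = redundant if len(set(values)) == 1 else conflicting
        target[name] = values
    return redundant, conflicting


def report(raw):
    """Human-readable report lines, conflicts first, each with the Django
    setting hint where the header is one Django itself can emit."""
    redundant, conflicting = find_duplicates(raw)
    lines = []
    for name, values in conflicting.items():
        lines.append("CONFLICT  %s: %s" % (name, " | ".join(values)))
        if name in DJANGO_SOURCE:
            lines.append("          Django side: %s" % DJANGO_SOURCE[name])
    for name, values in redundant.items():
        lines.append("DUPLICATE %s: %r sent %d times" % (name, values[0], len(values)))
        if name in DJANGO_SOURCE:
            lines.append("          Django side: %s" % DJANGO_SOURCE[name])
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HEADERS)))
```

Run against the sample it reports `x-frame-options` as a conflict (DENY vs SAMEORIGIN) and `x-content-type-options` and `x-xss-protection` as plain duplicates; pasting the output of `curl -sI <url>` in place of the sample works the same way, since status lines and blank lines are skipped.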

To start off, Django settings should be disabled if using Ansible (+ controllable with .env would be nice to have); later we can have an explicit choice b/w Heroku and AWS.

Subsequently, we would be dropping support for Heroku.