add_header X-XSS-Protection is causing problems

Question

add_header X-XSS-Protection is causing problems

Closed this issue 6 years ago · 2 comments

If you're adding an header with the following format:

- add_header X-XSS-Protection "1; mode=block"

It will cause a problem for the corresponding site. The output in the site.conf will be like:

   add_header X-XSS-Protection "1;
       mode=block";

The problem is the regex in site.conf.j2:

{% if v != "" %}{{ v.replace(";",";\n      ").replace(" {"," {\n      ").replace(" }"," \n   }\n") }}{% if v.find('{') == -1%};

But actually I've no real idea how to fix this. :(

Answer 1 · 2018-06-20T20:07:51.000Z

Use the new notation : point 7 on the Readme.

- |
  listen 80;
  server_name localhost;
  add_header X-XSS-Protection "1; mode=block";

There is multiple issues with the same question if you want more details.
Thanks to close the issue if you save your problem

Answer 2 · 2018-06-20T21:15:08.000Z

Thanks @jdauphant, the multiline patch is working out. Even if it's not the most elegant solution it's working fine for me. If I'll have more time some day I'll take a deeper look.