add_header X-XSS-Protection is causing problems
Closed this issue · 2 comments
timorunge commented
If you're adding an header with the following format:
- add_header X-XSS-Protection "1; mode=block"
It will cause a problem for the corresponding site. The output in the site.conf will be like:
add_header X-XSS-Protection "1;
mode=block";
The problem is the regex in site.conf.j2
:
{% if v != "" %}{{ v.replace(";",";\n ").replace(" {"," {\n ").replace(" }"," \n }\n") }}{% if v.find('{') == -1%};
But actually I've no real idea how to fix this. :(
jdauphant commented
Use the new notation : point 7 on the Readme.
- |
listen 80;
server_name localhost;
add_header X-XSS-Protection "1; mode=block";
There is multiple issues with the same question if you want more details.
Thanks to close the issue if you save your problem
timorunge commented
Thanks @jdauphant, the multiline patch is working out. Even if it's not the most elegant solution it's working fine for me. If I'll have more time some day I'll take a deeper look.