application headers are copied on error page

Question

application headers are copied on error page

rdoorn opened this issue 7 years ago · 1 comments

if we let Mercury handle the 500+'s of the application, the application headers sent are maintained.
we should either reset the headers and generate a new error page, or make this optional.
(seeing that its an error page, i see little value in keeping csp-headers generated by the application giving an error)

Answer 1 · 2018-03-16T09:19:31.000Z

keeping this as is, external items on custom error pages should be embedded in the error page, and never reside on a external host, so content security policy headers will stay intact.