application headers are copied on error page
rdoorn opened this issue · 1 comments
rdoorn commented
If we let Mercury handle the 500+'s of the application, the application headers sent are maintained.
We should either reset the headers and generate a new error page, or make this optional.
(Seeing that it's an error page, I see little value in keeping CSP headers generated by the application giving an error.)
rdoorn commented
Keeping this as is; external items on custom error pages should be embedded in the error page, and never reside on an external host, so Content Security Policy headers will stay intact.
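
Added example, not part of the issue thread and not Mercury's code: a minimal Go wrapper showing the two behaviours discussed above, keeping the application's headers on a substituted 500+ page versus resetting them. The names `withErrorPage`, `probe` and `errorPage`, the backend and its header values are all constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// Constructed error page: everything is in the document, nothing loads from another host.
const errorPage = `<!doctype html><title>Error</title><h1>Service temporarily unavailable</h1>`

// withErrorPage (hypothetical) replaces the body of any 500+ backend response with errorPage.
func withErrorPage(backend http.Handler, keepAppHeaders bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rec := httptest.NewRecorder() // buffer the backend response before deciding
		backend.ServeHTTP(rec, r)
		res := rec.Result()
		if res.StatusCode < 500 || keepAppHeaders { // true = behaviour reported in the issue
			for name, values := range res.Header {
				w.Header()[name] = values
			}
		}
		if res.StatusCode < 500 {
			w.WriteHeader(res.StatusCode)
			io.Copy(w, res.Body)
			return
		}
		w.Header().Set("Content-Type", "text/html; charset=utf-8") // body changed in both modes
		w.Header().Set("Content-Length", strconv.Itoa(len(errorPage)))
		w.WriteHeader(res.StatusCode)
		io.WriteString(w, errorPage)
	})
}

// probe sends one request through the wrapper to a constructed failing backend.
func probe(keepAppHeaders bool) *http.Response {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", "default-src 'self'")
		http.Error(w, "constructed backend failure", http.StatusInternalServerError)
	})
	rec := httptest.NewRecorder()
	withErrorPage(backend, keepAppHeaders).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Result()
}

func main() {
	fmt.Println(probe(true).Header, probe(false).Header)
}
```

In both modes the headers that describe the body (`Content-Type`, `Content-Length`) have to be rewritten, because the application's values no longer match the substituted page.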