CODEWITHSUNDEEP
firebasefirebase-hostingfirebase-cli
Naresh
Naresh

Reputation: 25803

Firebase hosting does not send custom HTTP headers

According to Firebase Hosting docs, I should be able to set custom headers on responses received from the server. I am trying to set the X-Frame-Options header on all html files, but the server simply does not want to send this header! Here's my firebase.json file, please let me know if I am doing anything wrong:

{
  "hosting": {
    "public": "build",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "headers": [
      {
        "source": "**/*.html",
        "headers": [
          {
            "key": "X-Frame-Options",
            "value": "SAMEORIGIN"
          }
        ]
      }
    ]
  }
}

Upvotes: 4

Views: 2045

Answers (2)

Tim Philip
Tim Philip

Reputation: 321

I just went through a lot of trial and error on the same issue. I noticed a small little section in the firebase documentation:

A source value that Hosting matches against the original request path, regardless of any rewrite rules.

If your setup is like mine, you probably have this in your firebase.json file:

  "rewrites": [{
    "source": "**",
    "destination": "/index.html"
  }]

However, while you may be returning index.html, the original request path was simply "/", so on your headers section use this:

"source": "/"

This is what worked for me.

Upvotes: 6

Naresh
Naresh

Reputation: 25803

After lot of trial and error, I found the issue. All this while I was trying to load index.html using https://my-project.firebaseapp.com - this apparently does not trigger the header. I had to explicitly add /index.html at the end of the URL to make it work: https://my-project.firebaseapp.com/index.html. I should not have to do this, but that was the problem. So the question still remains - how do you get the firebase configuration to match an implied index.html.

Upvotes: 2

Related Questions