eje211

Reputation: 2429

Play framework custom headers ignored

I have this very simple Play controller:

import javax.inject._
import play.api.mvc._

@Singleton
class Application @Inject()(cc: ControllerComponents) extends AbstractController(cc) {
  def index = Action {
    // Attach a Content-Security-Policy header to this response only
    Ok(views.html.index(SharedMessages.itWorks))
      .withHeaders("Content-Security-Policy" -> "script-src 'unsafe-eval'")
  }
}

But the added header is ignored. The Content Security Policy in the rendered page is the default one:

Content-Security-Policy: default-src 'self'

Why is that?

Upvotes: 2

Views: 202

Answers (1)

Harald Gliebe

Reputation: 7544

Do you have Play!'s security filter enabled? In that case you have to set the CSP header in the application.conf configuration file instead of adding it manually.

See Play! SecurityHeaders for details.

Upvotes: 1
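
The configuration change the answer points to, as an added example that is not part of the original answer or of the asker's project. It assumes the policy is being written by Play's SecurityHeadersFilter, whose settings live under `play.filters.headers`; the policy string is constructed for illustration, and the key names should be checked against the SecurityHeaders documentation for the Play version in use.

```hocon
# conf/application.conf (constructed example)

# Option 1: change the policy the security headers filter sends on every response.
# Keeping default-src 'self' and relaxing only script-src limits the change,
# but 'unsafe-eval' then applies to every route, not just index.
play.filters.headers.contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-eval'"

# Option 2: leave the strict global policy in place and let a header set with
# withHeaders(...) in an action take precedence for that response only.
# play.filters.headers.allowActionSpecificHeaders = true
```

With option 2 the relaxed policy stays scoped to the one action that needs it, which keeps `'unsafe-eval'` off the rest of the site.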
