Fabrizio

Reputation: 11

NGINX headers not working with GAE app.yaml

I'm trying to set some Nginx headers, running on Google App Engine B4.

This is the piece of code that I've placed in my app.yaml file:

runtime_config:
  nginx_conf_http_include: nginx-http.conf 

And this is the content of the nginx-http.conf file:

# Security headers
server_tokens off;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self';" always;
add_header Referrer-Policy no-referrer;
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";

None of these headers are available after deployment.

Please help, guys!

Upvotes: 0

Views: 237

Answers (1)

Emmanuel

Reputation: 1494

The nginx_conf_http_include configuration item is only available for Flex environments and the PHP language; that's why it doesn't work. The best approach would be to set the headers by using the Handlers element, more specifically http_headers, for example:

handlers:
- url: /images
  static_dir: static/images
  http_headers:
    X-Foo-Header: foo
    X-Bar-Header: bar value
  # ...

Upvotes: 1
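
An added example (not part of either post): a Python script that converts the `add_header` directives from the question's nginx-http.conf into the `http_headers` mapping the answer describes. The function names are made up for this example and the default `url`/`static_dir` values are taken from the answer's snippet; App Engine applies `http_headers` to static handlers, so responses generated by application code need the same headers set in the app itself.

```python
import shlex

# Constructed input: the nginx-http.conf directives copied from the question.
NGINX_CONF = '''
# Security headers
server_tokens off;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self';" always;
add_header Referrer-Policy no-referrer;
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
'''


def parse_add_headers(conf):
    """Return {header name: value} for every add_header directive in conf."""
    headers = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line.startswith("add_header "):
            continue  # comments and non-header directives such as server_tokens
        # Drop the directive terminator; shlex keeps a quoted "a; b" as one token.
        tokens = shlex.split(line.rstrip(";"))
        if len(tokens) < 3:
            raise ValueError(f"malformed add_header directive: {raw!r}")
        # tokens[3], when present, is the nginx-only "always" flag; it is dropped.
        headers[tokens[1]] = tokens[2]
    return headers


def to_app_yaml(headers, url="/images", static_dir="static/images"):
    """Render a static handler with http_headers (url/static_dir are assumptions)."""
    lines = ["handlers:", f"- url: {url}", f"  static_dir: {static_dir}",
             "  http_headers:"]
    for name, value in headers.items():
        # Double-quote every value so ':' ';' and single quotes stay literal in YAML.
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'    {name}: "{escaped}"')
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_app_yaml(parse_add_headers(NGINX_CONF)))
```

After deploying, `curl -I` against a URL served by that handler shows whether the headers are actually present.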