How do I set headers ?
-
Hi,
I have ran a few testers on the web and the tests are reporting im missing a few headers and need them to improve security.I tried adding headers using an action on the main ha frontend like below
After applying settings Im getting an error about the option needing exactly 2 arguments .. How should I set such headers and where ? Straight in the config (wouldnt this be overwritten by ha-proxy ?)?
Thanks!
-
You probably want to set http response headers, not request headers.
-
allright thanks, I will change it to request. So this is the correct place/way to put in the headers ? How would I configure this header:
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
The value contains spaces, so haproxy interface on pfsense wont accept it. I get the error it needs 2 arguments ?
Thanks!
-
Something like this.
All I did was enclose everything in double quotes. Ended up with this:
http-response set-header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" if yourAcl
I didn't test it.
-
Cool! thanks, will test this and see if it works.
-
nice, it seems to work, getting A+ result now !
-
@Actionhenk Nice. One other thing: I haven't looked at it but I assume if you need double quotes in a string like that in the future you can just escape the ones inside the string with
\"