thalia / concrexit / Merge requests / !995

Remove redundant http headers

Merged Joren Vrancken requested to merge remove_redundant_headers into master Oct 13, 2018

Short description

$ curl -I https://thalia.nu/
HTTP/2 200 
server: nginx/1.14.0 (Ubuntu)
date: Fri, 12 Oct 2018 22:50:12 GMT
content-type: text/html; charset=utf-8
content-length: 23238
vary: Accept-Language, Cookie
content-language: en
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
set-cookie: csrftoken=kZ2w81nKFw1jew42B0ZKea5IK5s4mjqZDTdQBZv44qOv25WzCjF7eOMISrtZg58H; expires=Fri, 11-Oct-2019 22:50:12 GMT; Max-Age=31449600; Path=/; Secure
set-cookie: sessionid=jjwncj5k4nuz6fj5tvlajtzre0xsxrvj; expires=Fri, 26-Oct-2018 22:50:12 GMT; HttpOnly; Max-Age=1209600; Path=/; Secure
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload

The x-frame-options, x-content-type-options and x-xss-protection headers are set twice (x-frame-options with two different values). These headers are set by both nginx and Django.

It would be best to let nginx handle the HTTP headers.

Source branch: remove_redundant_headers
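
A check for the condition described in this merge request, as an added example that is not part of the merge request or the concrexit code base: it parses a `curl -I` style header block and reports headers that appear more than once, separating identical repeats from conflicting values. The sample input is constructed from the output above with cookie values replaced by placeholders; the function names and the `MULTI_VALUED` allow-list are assumptions of this example.

```python
from collections import defaultdict

# Headers that legitimately appear more than once in a response (assumption:
# only Set-Cookie matters for this check).
MULTI_VALUED = {"set-cookie"}

# Constructed sample, modelled on the `curl -I` output in the description
# (cookie values replaced with placeholders).
SAMPLE = """\
HTTP/2 200
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
set-cookie: csrftoken=PLACEHOLDER; Path=/; Secure
set-cookie: sessionid=PLACEHOLDER; HttpOnly; Path=/; Secure
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload
"""


def parse_headers(raw):
    """Return {lowercased name: [values in order]} from a raw header block."""
    headers = defaultdict(list)
    for line in raw.splitlines():
        line = line.strip()
        # Skip blank lines, the status line ("HTTP/2 200") and non-header text.
        if not line or line.upper().startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return dict(headers)


def find_duplicates(raw):
    """Return {name: (kind, values)}; kind is "conflicting" or "redundant"."""
    findings = {}
    for name, values in parse_headers(raw).items():
        if name in MULTI_VALUED or len(values) < 2:
            continue
        # Compare case-insensitively: DENY and deny are the same directive.
        distinct = {v.lower() for v in values}
        kind = "conflicting" if len(distinct) > 1 else "redundant"
        findings[name] = (kind, values)
    return findings


if __name__ == "__main__":
    for name, (kind, values) in find_duplicates(SAMPLE).items():
        print(f"{kind:11} {name}: {values}")
```

Run against a live response by piping `curl -sI` output into `find_duplicates`; a "conflicting" result such as the two `x-frame-options` values is the case to fix first, since which value applies is left to the client.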