Changes between Version 5 and Version 6 of Ticket #823, comment 3


Ignore:
Timestamp:
10/29/15 17:38:25 (5 years ago)
Author:
arno01@…

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #823, comment 3

    v5 v6  
    66IMHO, it is normal to control it over there in one file, instead of discarding all the headers because of the one single 'add_header' placed at the lower level.
    77
    8 In other words if I have 'Strict-Transport-Security', 'Public-Key-Pins', 'X-Frame-Options', 'X-XSS-Protection' and 'X-Content-Type-Options' set at the top level configuration file, why would I want to discard all of them by enabling 'X-Robots-Tag' header at the lower level? This creates duplication problem which leads to more complex configuration management, where one needs to keep in mind that there are certain headers in some of the vhosts which discard the main top-level headers config file.
     8In other words if I have 'Strict-Transport-Security', 'Public-Key-Pins', 'X-Frame-Options', 'X-XSS-Protection' and 'X-Content-Type-Options' set at the top level configuration file, why would I want to discard all of them "just" by _adding_ a single 'X-Robots-Tag' header at the lower level? This creates duplication problem which leads to more complex configuration management, where one needs to keep in mind that there are certain headers in some of the vhosts which discard the main top-level headers config file.