Changes between Version 2 and Version 3 of Ticket #854, comment 3


Ignore:
Timestamp:
06/04/17 14:05:18 (5 years ago)
Author:
aeris@…

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #854, comment 3

    v2 v3  
    3737You can always split your config on multiple snippet files but you have to simulate all the inheritance with a {{{snippets/global.conf}}} included by all {{{snippets/vhost-x.conf}}}, included by {{{site-availables/vhost-x.conf}}} in server and each location section. But this is not an ideal workaround and you're always at risk (specially in case of vendor config) of location/vhost not including snippet or not the right.
    3838
    39 If you use config generator, simulating inheritance is hard and you have to do a lot of work to be able to propagate headers down to locations, with lots of code and lots of config. And even in this case, there is no simple way to ensure the resulting behavior.
     39If you use config generator, simulating inheritance is hard and you have to do a lot of work to be able to propagate headers down to locations, with lots of code and lots of config. And even in this case, there is no simple way to ensure the resulting behavior.
     40
     41Some headers are difficult to "inherit" too. CSP for example, if included inside a snippet, can't be overwritten (both snippet and overwritten value will be present at the end).
    4042
    4143I think it will be better, safer and simpler to have a directive directly in nginx to allow inheritance, at least for {{{add_header}}} which is the only inheritance trouble I met.
    42 An {{{add_header}}} option {{{inherit}}} like {{{always}}} will do the job, for example {{{add_header Foo Bar inherit}}}.
     44An {{{add_header}}} option {{{inherit}}} like {{{always}}} will do the job, for example {{{add_header Strict-Transport-Security XXX inherit;}}}. An {{{overwrite}}} option will be cool too for CSP ({{{add_header Content-Security-Policy XXX overwrite;}}}.