id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version
854,Add inherited keyword for altering directive inheritance,Haravikk@…,,"I wanted to set a few basic headers for all of my HTTP responses in nginx, however the current behaviour of `add_header` is that it is inherited from `http` only if a `server` block has no headers of its own. I'd like to propose the addition of an `inherited` (or similar) keyword for the `add_header` directive that will allow it to be explicitly inherited by nested blocks in spite of its normal behaviour. However, it is likely that this override may be useful for other directives that aren't inherited by default as well. The only one that springs to mind is `try_files` which I include in most location blocks except those that are to forbid access (where I put a `deny` instead). In my particular use case I was hoping to add the `X-Frame-Options: DENY` header to all `http` responses, thus preventing all content on my sites from being placed in iframes by default (in supported browsers). This is a useful way to avoid legitimate pages being used for phishing/click-jacking in modern browsers (i.e. attacks where the user is interacting with the actual, full-featured site, but what they do is captured by the page it is embedded within). Unfortunately most of my server blocks have a custom header of some kind, particularly SSL server blocks (which have an HSTS header) so `add_header` under `http` has no effect.
It's fairly trivial in this case I admit, but I think that allowing users to override inheritance behaviour when they know they want to is useful.",enhancement,closed,minor,,nginx-core,1.9.x,wontfix,configuration,,Linux localhost 3.16.0-53-generic #72~14.04.1-Ubuntu SMP Fri Nov 6 18:17:23 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.8.0 built with OpenSSL 1.0.1f 6 Jan 2014 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/buildd/nginx-1.8.0/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.8.0/debian/modules/nginx-dav-ext-module --add-module=/build/buildd/nginx-1.8.0/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.8.0/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.8.0/debian/modules/ngx_http_substitutions_filter_module"