Override Global Headers after setting with cust_nginx.CUSTOM.post

Vibe

Verified User
Joined
Aug 3, 2005
Messages
124
Hello - Happy New Year.

I am running default Apache/NGINX servers with global security headers as per the DA docs.

A customer has asked that I add an additional external domain to their Permissions-Policy sync-xhr setting. (i.e. newdomain.com below):

Code:
add_header Permissions-Policy 'geolocation=*, midi=(), sync-xhr=(self "https://newdomain.com" "https://|DOMAIN|" "https://www.|DOMAIN|"), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=(), fullscreen=(self "https://|DOMAIN|" "https://www.|DOMAIN|" )';

Now I am not finding a way to override the global headers for a single domain.

I can add the custom header through the Admin Level area (Httpd.conf Customization) - but this simply creates a duplicate Permissions-Policy header, vs overriding what is currently in place.

Is it possible to override headers set with cust_nginx.CUSTOM.post?

Does this require a custom nginx_server.conf template in order to do so?

Thank you for any insight.
 
This is a bit of a puzzle - and I am sure a big oversight on my part. The default DA configs have always been sufficient for my needs.

However, when using CustomBuild Apache/NGINX along with the DA docs for NGINX A+ global security headers, it appears .htaccess overrides for individual domains have no affect. As a test I have tried several variations of the following for this particular domain:

Code:
Header always unset X-Frame-Options

However, Google Chrome reports the Global headers have not changed, as does securityheaders.com. I have not yet discovered the path of least resistance.

I can remove the global headers and edit the |CUSTOM| tokens for individual domains through Admin Level - but that does not seem very efficient. I know I am missing a key DA process here!

Do other Apache/NGINX users set global security headers for their clients? If so - how do you override them? Or do you leave this up to the end user?

Thank you for any suggestions.
 
Hello,

You might use custom tokens and/or PHP in templates to customize the headers on per domain bases. Or even IF/ELSE constructions.
 
Thank you Alex. I was finally able to find the proper syntax to use and have "fixed" the issue.
 
Back
Top