Add to route headers?

Route site.local/logs/messages.json

Note, that Cache-Control headers are missing in the response headers

Ideally, the web server should return the following HTTP headers in all responses
containing sensitive content:

  • Cache-control: no-store
  • Pragma: no-cache
1 Like

I am also interested in this qiestion

That is a library called logster.

You can send a PR to GitHub - discourse/logster: Log viewer UI and framework for rack

3 Likes

I want to add headers for this route.

Yes, I got that. The entire /logs route is handled by the aforementioned library, so you will have to hack on it.

3 Likes

ok thanks :+1::muscle:

can i override methods from my custom plugin?

I think this will help in resolving the issue
add to nginx
location /logs/messages.json {
}

add_header Cache-Control "no-store";
add_header Pragma "no-cache";

How to do this through middleware?

req = Rack::Request.new(@env)
    route = req.path_info.to_s
  if (route == '/logs/messages.json')
    #add headers
  end

You could submit a PR to discourse_docker that added those headers via nginx (note: I have nothing to do with accepting a PR, but this seems reasonable).

And there is no easy way for example?

# plugin.rb

   Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, 'my_route_name')

or

   Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, '/logs/messages.json')

You have already identified the solution. You don’t need a plugin. Adding a few lines to your app.yml is easy and requires no plugin.

See Subfolder support with Docker for examples of how to modify the nginx config in the yml file.

3 Likes

How do I add these settings in app.yml?
I could not get :frowning:

Happened!! :slightly_smiling_face:

  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /sendfile on;/
     to: |
       add_header Cache-Control "no-store";
       add_header Pragma "no-cache";
       sendfile on;

Great! Glad you got it!

Hey @falco. Does this seem like something that should be added to the web template?

No, that should be handled in the library code.

4 Likes