Dev_Work
(Aleksandr)
March 18, 2019, 2:10pm
1
Route site.local/logs/messages.json
Note, that Cache-Control headers are missing in the response headers
Ideally, the web server should return the following HTTP headers in all responses
containing sensitive content:
Cache-control: no-store
Pragma: no-cache
1 Like
I am also interested in this qiestion
Falco
(Falco)
March 19, 2019, 7:15pm
3
3 Likes
Dev_Work
(Aleksandr)
March 19, 2019, 10:41pm
4
I want to add headers for this route.
Falco
(Falco)
March 19, 2019, 10:46pm
5
Yes, I got that. The entire /logs
route is handled by the aforementioned library, so you will have to hack on it.
3 Likes
Dev_Work
(Aleksandr)
March 19, 2019, 10:53pm
7
can i override methods from my custom plugin?
Dev_Work
(Aleksandr)
March 21, 2019, 12:58am
8
I think this will help in resolving the issue
add to nginx
location /logs/messages.json {
}
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
How to do this through middleware?
req = Rack::Request.new(@env)
route = req.path_info.to_s
if (route == '/logs/messages.json')
#add headers
end
pfaffman
(Jay Pfaffman)
March 21, 2019, 1:21am
9
You could submit a PR to discourse_docker that added those headers via nginx (note: I have nothing to do with accepting a PR, but this seems reasonable).
Dev_Work
(Aleksandr)
March 21, 2019, 6:29am
10
And there is no easy way for example?
# plugin.rb
Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, 'my_route_name')
or
Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, '/logs/messages.json')
pfaffman
(Jay Pfaffman)
March 21, 2019, 10:26am
11
You have already identified the solution. You don’t need a plugin. Adding a few lines to your app.yml is easy and requires no plugin.
See Subfolder support with Docker for examples of how to modify the nginx config in the yml file.
3 Likes
Dev_Work
(Aleksandr)
March 25, 2019, 11:39am
12
How do I add these settings in app.yml?
I could not get
Dev_Work
(Aleksandr)
March 26, 2019, 6:34am
13
Happened!!
Add this to your app.yml:
## Remember, this is YAML syntax - you can only have one block with a name
run:
- exec: echo "Beginning of custom commands"
# A man's not dead while his name is still spoken.
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /location \/ {/
to: |
location / {
add_header X-Clacks-Overhead "GNU Terry Pratchett";
Make sure to rebuild the container afterwards.
[image]
Terry Pratchett, author of the Discworld novels, w…
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /sendfile on;/
to: |
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
sendfile on;
pfaffman
(Jay Pfaffman)
March 26, 2019, 11:21am
14
Great! Glad you got it!
Hey @falco . Does this seem like something that should be added to the web template?
Falco
(Falco)
March 26, 2019, 3:17pm
15
No, that should be handled in the library code.
4 Likes