
Question:

I have an FCGI application (PHP) sending the headers:

Content-Security-Policy: sandbox;
Content-Type: foobar
X-Accel-Redirect: /test

and for some reason nginx is forwarding the Content-Type header, but it's not forwarding the Content-Security-Policy: sandbox; header.

My PHP source code is:

<?php
header("Content-Security-Policy: sandbox;");
header("Content-Type: foobar");
header("X-Accel-Redirect: /test");

and the test file contains: testcontent

and when I hit it with curl -v I get:

$ curl paste.lan:81/test.php -v
*   Trying 127.0.0.1:81...
* TCP_NODELAY set
* Connected to paste.lan (127.0.0.1) port 81 (#0)
> GET /test.php HTTP/1.1
> Host: paste.lan:81
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 21 Feb 2021 14:26:35 GMT
< Content-Type: foobar
< Content-Length: 12
< Last-Modified: Sun, 21 Feb 2021 14:26:00 GMT
< Connection: keep-alive
< ETag: "60326d78-c"
< Accept-Ranges: bytes
< 
testcontent
* Connection #0 to host paste.lan left intact

So, any idea why nginx isn't forwarding the Content-Security-Policy header? Or how to fix it?



Solved with:

add_header Content-Security-Policy $upstream_http_content_security_policy;

I'm not sure why I have to do it with Content-Security-Policy and not with Content-Type, but oh well...

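An added example (not part of the original post) showing the fix in place on the X-Accel-Redirect target. On an internal redirect nginx carries over only a short list of upstream headers, Content-Type among them, so a Content-Security-Policy set by the backend has to be re-emitted from $upstream_http_content_security_policy. The root, PHP-FPM socket path, the `internal` flag, the `$csp_for_files` variable and the fallback policy are assumptions.

```nginx
# Added example. The root, the socket path and $csp_for_files are assumptions.

# http context: fall back to a fixed policy if the backend sent no CSP,
# so files served through the redirect never go out without one.
map $upstream_http_content_security_policy $csp_for_files {
    ""      "sandbox";                                   # assumed fallback policy
    default $upstream_http_content_security_policy;      # backend's own value
}

server {
    listen 81;
    server_name paste.lan;
    root /var/www/paste;                                 # assumed document root

    # PHP backend that answers with X-Accel-Redirect: /test
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;         # assumed socket path
    }

    # Target of the redirect. "internal" makes direct client requests return
    # 404, so the file is only reachable through the PHP script.
    location = /test {
        internal;

        # Re-emit the backend's CSP (or the fallback). "always" also sets it
        # on error responses, which add_header skips by default.
        # add_header directives from outer levels are not inherited once a
        # location defines its own, so list every header needed here.
        add_header Content-Security-Policy $csp_for_files always;
    }
}
```

After reloading, repeating the `curl -v` request from the question should show the Content-Security-Policy line in the response headers.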