Open leandrocostam opened 4 months ago
cc: @Revolyssup
@leandrocostam We had the same issue. To avoid it you can put: "example.com" instead of "https://example.com" in Content-Security-Policy. It works in the same way
@leandrocostam We had the same issue. To avoid it you can put: "example.com" instead of "https://example.com" in Content-Security-Policy. It works in the same way
Yes, that works when you don't have to restrict the load over HTTPS. It's something that we need right now 😞
Also, there are cases where you can have the following CSP policy block:
img-src 'self' data: blob:
It also breaks the response-rewrite plugin
We are using the headers.set
as a workaround for now. By checking the code, it's a different validation and it's not breaking the plugin.
Current Behavior
I am trying to add some headers using the response-rewrite plugin in APISIXRoute CRD, but I am facing an error in the APISIX controller. The current pattern doesn't allow header value that contain multiples
:
. A common use case is when you have to add theContent-Security-Policy
header with multiple domains usinghttps://
.Expected Behavior
I should be able to define values for the headers using multiples
:
.Error Logs
ApisixRoute Resource Events Source: ApisixIngress
Steps to Reproduce
Environment