Open jelhan opened 3 years ago
+1 running into the same issue currently which is causing mozilla observatory to score our website low due to the duplication of security headers.
+1, I accidentally missed the right repo and created the same issue but in the ember-cli-fastboot repo: https://github.com/ember-fastboot/ember-cli-fastboot/issues/884
A header added in a before middleware is added twice to the response.
Steps to reproduce:
ember-cli-fastboot
andfastboot-app-server
.Create a FastBoot App Server, which adds a header in a before middleware and safe it as
server.js
.node server.js
.I expect
Content-Security-Policy
header to be only be present once. But it's present twice.Please note that I see the same for
X-Powered-By: Express
header, which is added by Express automatically regardless of my usage of FastBoot App Server.A repository with the reproduction steps applied can be found here: https://github.com/jelhan/test-fastboot-with-header