Closed saurabhgupta050890 closed 4 years ago
I am not able to reproduce this. Here's the diff in headers I'm seeing without and with crumb (both cases using security: true):
{
'content-type': 'text/html; charset=utf-8',
'strict-transport-security': 'max-age=15768000',
'x-frame-options': 'DENY',
'x-xss-protection': '1; mode=block',
'x-download-options': 'noopen',
'x-content-type-options': 'nosniff',
'cache-control': 'no-cache',
- 'content-length': 104,
+ 'set-cookie': [
+ 'crumb=NrymIabFe6k7fXdc9z7jmq271CZfONpxWGl3BHeRQ5E; Secure; HttpOnly; SameSite=Strict; Path=/'
+ ],
+ 'content-length': 147,
'accept-ranges': 'bytes',
- date: 'Wed, 29 Jul 2020 02:49:53 GMT',
+ date: 'Wed, 29 Jul 2020 02:49:27 GMT',
connection: 'keep-alive'
}
In each case the security headers are preserved. If you still believe there is an issue, can you provide some more details and perhaps a more complete reproduction?
Also, if you believe there is a security issue please contact us directly per our security policy, which is referenced alongside the issue templates when you attempt to create a new issue.
No follow up. I'll close this out.
What are you trying to achieve or the steps to reproduce?
What was the result you got?
I am setting security to true to enable default security headers. When I use the crumb plugin, the security headers are removed.
What result did you expect?
Plugin should work with default security headers