
Bug: Remove duplicate headers in Response

Open theskumar opened this issue 8 years ago • 2 comments

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 11 Aug 2017 11:31:19 GMT
REQUEST_ID: e3a346aae36b41549f6613117a2bde18
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
strict-transport-security: max-age=600000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Currently it returns, see duplicates for:

X-Frame-Options
x-xss-protection

theskumar avatar Aug 11 '17 11:08 theskumar
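
A check for the duplication reported above, as an added example that is not part of the issue or of django-init's own code: it groups response headers case-insensitively and separates identical repeats from copies that carry conflicting values. The function names and report format are assumptions made for the example; the sample headers are the ones quoted in the issue.

```python
from collections import defaultdict

# Response headers copied from the issue above.
SAMPLE = """\
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 11 Aug 2017 11:31:19 GMT
REQUEST_ID: e3a346aae36b41549f6613117a2bde18
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
strict-transport-security: max-age=600000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
"""

def parse_headers(raw):
    """Split 'Name: value' lines into (name, value) pairs, skipping blank lines."""
    pairs = []
    for line in filter(str.strip, raw.splitlines()):
        name, sep, value = line.partition(":")  # only the first colon separates
        if not sep:
            raise ValueError(f"not a header line: {line!r}")
        pairs.append((name.strip(), value.strip()))
    return pairs

def find_duplicates(pairs):
    """Report every header name sent more than once, keyed by lower-cased name."""
    seen = defaultdict(list)
    for name, value in pairs:
        seen[name.lower()].append(value)  # header names are case-insensitive
    report = {}
    for name, values in seen.items():
        if len(values) > 1:
            # conflict: the copies do not all carry the same value
            distinct = {" ".join(v.lower().split()) for v in values}
            report[name] = {"values": values, "conflict": len(distinct) > 1}
    return report

if __name__ == "__main__":
    for name, info in sorted(find_duplicates(parse_headers(SAMPLE)).items()):
        kind = "CONFLICT" if info["conflict"] else "repeat"
        print(f"{kind:8} {name}: {info['values']}")
```

Run against the response quoted in the issue, it flags X-Frame-Options as a conflict (DENY and SAMEORIGIN) and reports X-XSS-Protection and X-Content-Type-Options as identical repeats.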

The duplicate headers are because both Django & Nginx are adding these headers. Django - https://github.com/Fueled/django-init/blob/3d6e4a5821e6e934f9e679f45784c808bca1a3e6/%7B%7Bcookiecutter.github_repository%7D%7D/settings/common.py#L314 Nginx - https://github.com/Fueled/django-init/blob/3d6e4a5821e6e934f9e679f45784c808bca1a3e6/%7B%7Bcookiecutter.github_repository%7D%7D/provisioner/roles/nginx/templates/nginx.conf.j2#L41

Django headers are needed only when we are deploying to a service like Heroku.

Suggestions - there can be a variable in the cookie-cutter config to ask if Heroku scripts are needed, and based on that we can alter the variable. Or we can have these variables picked from .env, and in .env.sample we can define in comments when this needs to be set to True or False.

vikalpj avatar Oct 25 '17 09:10 vikalpj

To start off, Django settings should be disabled if using Ansible (+ controllable with .env, would be nice to have); later we can have an explicit choice b/w Heroku and AWS.

Subsequently, we would be dropping support of Heroku.

theskumar avatar Oct 25 '17 10:10 theskumar