requesting slightly more verbose docs for gatsby-plugin-netlify's `mergeSecurityHeaders` setting

Summary

It was not obvious from reading https://www.gatsbyjs.org/packages/gatsby-plugin-netlify/ (particularly the configuration section) that `mergeSecurityHeaders` sets the following header rules widely:

    `X-Frame-Options: DENY`,
    `X-XSS-Protection: 1; mode=block`,
    `X-Content-Type-Options: nosniff`,
    `Referrer-Policy: same-origin`

Using `mergeSecurityHeaders: false` does indeed disable them. Could we get an explicit mention of what those headers are in the docs, which currently gloss over it? I will be happy to create a PR if that is preferred, though I am not sure of the best place to say it. By default I’d probably create a comment block like this, right in the middle of the configuration section, but I am not the best docs writer! Something like this:

    // mergeSecurityHeaders: true will set the following:
    //     `X-Frame-Options: DENY`,
    //     `X-XSS-Protection: 1; mode=block`,
    //     `X-Content-Type-Options: nosniff`,
    //     `Referrer-Policy: same-origin`

Motivation

This is opaque and can lead to CORS errors with common workflows such as embedding YouTube videos in your Gatsby pages.

Steps to resolve this issue

I don’t propose a behavior change, just some clarity on what that feature does without reading the source code or trying to reverse engineer a deployed Netlify site by looking at HTTP response headers in the browser and thinking “I didn’t set those… how are they there?”

Please let me know if a PR would be appropriate and I will happily open one following either the above plan or your guidance!

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

LekoArts commented, Mar 16, 2020 (1 reaction)

pieh commented, Mar 5, 2020 (1 reaction)

We have a couple of plugins that document options in different ways:

It would be nice to come around to a consistent way of documenting options (and defaults). I think that adding comments to the gatsby-config.js example (like in the gatsby-source-wordpress README) is the least readable way, and I would like either nested headers (like in the gatsby-source-contentful README) or a table (like in the gatsby-remark-images README).

The documentation change to add more clarity to plugin options is always welcome, let’s just figure out the nicest way to do it and hopefully that would be the “go to” way to do this.
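The four headers listed in the issue can be checked in the `_headers` file that gatsby-plugin-netlify writes into the build output, instead of inspecting responses in the browser. The following is an added example, not code from the issue or from the plugin; the function names, the `/embed/*` path and the sample file contents are constructed for illustration, and each path rule is audited on its own.

```javascript
// Added example: expected values are the four headers quoted in the issue.
const EXPECTED = {
  'x-frame-options': 'DENY',
  'x-xss-protection': '1; mode=block',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'same-origin',
};

// Parse `_headers` text: an unindented line is a path, indented "Name: value"
// lines below it are that path's headers, and "#" starts a comment line.
function parseHeadersFile(text) {
  const rules = new Map();
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim() || raw.trim().startsWith('#')) continue;
    if (!/^\s/.test(raw)) {
      current = raw.trim();
      if (!rules.has(current)) rules.set(current, {});
      continue;
    }
    const idx = raw.indexOf(':');
    if (current === null || idx === -1) continue; // malformed line: skip it
    const name = raw.slice(0, idx).trim().toLowerCase();
    rules.get(current)[name] = raw.slice(idx + 1).trim();
  }
  return rules;
}

// Audit one path rule in isolation (overlapping path rules are not combined).
function auditRule(headers) {
  const report = {};
  for (const [name, want] of Object.entries(EXPECTED)) {
    const got = headers[name];
    report[name] = got === undefined ? 'missing'
      : got.toLowerCase() === want.toLowerCase() ? 'ok' : 'changed';
  }
  return report;
}

// Constructed sample, not output captured from a real build.
const SAMPLE = [
  '# constructed sample', '/*', '  X-Frame-Options: DENY',
  '  X-XSS-Protection: 1; mode=block', '  X-Content-Type-Options: nosniff',
  '  Referrer-Policy: same-origin', '/embed/*',
  '  X-Frame-Options: SAMEORIGIN', '  X-Content-Type-Options: nosniff',
].join('\n');

for (const [path, headers] of parseHeadersFile(SAMPLE)) {
  console.log(path, auditRule(headers));
}
```

Running the audit after each build makes a change to `mergeSecurityHeaders` or a per-path override visible as a `missing` or `changed` entry.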
