After getting information about X-Frame-Options header, I want apply it to our scripts loaded from Google Cloud Storage via load balancer.
Files uploaded using @google-cloud/storage
npm package for nodejs.
This upload options snippet gives unexpected results:
let requiredOptions = {
resumable : false,
predefinedAcl: 'publicread',
metadata: {
contentType: 'text/javascript',
cacheControl: 'public, max-age=35920000, no-transform',
contentEncoding: 'gzip',
metadata: {
['X-Frame-Options']: 'sameorigin'
}
}
};
Problem: the resulting headers contain the x-goog-meta-x-frame-options: sameorigin
instead of expected x-frame-options: sameorigin
.
When I tried to use
let requiredOptions = {
resumable : false,
predefinedAcl: 'publicread',
metadata: {
contentType: 'text/javascript',
cacheControl: 'public, max-age=35920000, no-transform',
contentEncoding: 'gzip',
['X-Frame-Options']: 'sameorigin'
}
};
The X-Frame-Options
did not included at all.
How to add advanced header to uploaded file metadata in a way that resulting header name will not start from x-goog-meta-
prefix?
Custom headers can be added in Load Balancer backend bucket.
Reference: https://cloud.google.com/load-balancing/docs/https/custom-headers#response-options-storage