node.jsgoogle-cloud-storage

How to set X-Frame-Options for file in Google Cloud Storage


After getting information about X-Frame-Options header, I want apply it to our scripts loaded from Google Cloud Storage via load balancer. Files uploaded using @google-cloud/storage npm package for nodejs. This upload options snippet gives unexpected results:

     let requiredOptions = {
        resumable : false,
        predefinedAcl: 'publicread',
        metadata: {
            contentType: 'text/javascript',
            cacheControl: 'public, max-age=35920000, no-transform',
            contentEncoding: 'gzip',
            metadata: {
                ['X-Frame-Options']: 'sameorigin'
            }
        }
    };

Problem: the resulting headers contain the x-goog-meta-x-frame-options: sameorigin instead of expected x-frame-options: sameorigin.

When I tried to use

     let requiredOptions = {
        resumable : false,
        predefinedAcl: 'publicread',
        metadata: {
            contentType: 'text/javascript',
            cacheControl: 'public, max-age=35920000, no-transform',
            contentEncoding: 'gzip',
            ['X-Frame-Options']: 'sameorigin'
        }
    };

The X-Frame-Options did not included at all. How to add advanced header to uploaded file metadata in a way that resulting header name will not start from x-goog-meta- prefix?


Solution

  • Custom headers can be added in Load Balancer backend bucket.

    1. Edit load balancer configuration
    2. Goto Backend Configuration
    3. Edit Backend Bucket
    4. Expand the Advanced Configurations
    5. Add headers in Custom response headers

    Reference: https://cloud.google.com/load-balancing/docs/https/custom-headers#response-options-storage

    adding CSP header