This is an automated email from the ASF dual-hosted git repository.
csantanapr pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git
The following commit(s) were added to refs/heads/master by this push:
new 0a84552 Security: Disable use of X-Accel-Redirect header (#330)
0a84552 is described below
commit 0a84552c0740c414196f28312041a42d70e9a88b
Author: moritzraho <[email protected]>
AuthorDate: Sat Dec 1 05:22:48 2018 +0100
Security: Disable use of X-Accel-Redirect header (#330)
---
api-gateway.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/api-gateway.conf b/api-gateway.conf
index 64da494..ddcea92 100644
--- a/api-gateway.conf
+++ b/api-gateway.conf
@@ -61,6 +61,9 @@ pcre_jit on;
http {
default_type text/plain;
+ # disallow usage of X-Accel-Redirect header
+ proxy_ignore_headers X-Accel-Redirect;
+
# Set in-memory buffer size
client_body_buffer_size 1M;
client_max_body_size 1M;
