I have one proxy server(nginx) - such as nginx.mycom.com and three upstream
servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one
application. Contents from upstream servers have a lot of iframes which
have different domains. I want to allow XSS for these different domains. I
don't know how to achieve XSS for this application.
For instance, when contents from name1.mycom.com has two iframes that their
src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the
following to achieve XSS?
(1). replace name1.mycom.com/content1 with nginx.mycom.com/content1
replace name2.mycom.com/content1 with nginx.mycom.com/content2
add_header for XSS
(2). When nginx.mycom.com/content1 request is coming, proxy to
name1.mycom.com/content1
add_header for XSS
(3). When nginx.mycom.com/content2 request is coming, proxy to
name2.mycom.com/content2
add_header for XSS
I only have limited knowledge of Nignx. I like to use NginxScript to
achieve this goal. Can I do it in Nginx. I do appreciate your suggestion
and some examples.
David
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
