I have one proxy server(nginx) - such as nginx.mycom.com and three upstream servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one application. Contents from upstream servers have a lot of iframes which have different domains. I want to allow XSS for these different domains. I don't know how to achieve XSS for this application.
For instance, when contents from name1.mycom.com has two iframes that their src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the following to achieve XSS? (1). replace name1.mycom.com/content1 with nginx.mycom.com/content1 replace name2.mycom.com/content1 with nginx.mycom.com/content2 add_header for XSS (2). When nginx.mycom.com/content1 request is coming, proxy to name1.mycom.com/content1 add_header for XSS (3). When nginx.mycom.com/content2 request is coming, proxy to name2.mycom.com/content2 add_header for XSS I only have limited knowledge of Nignx. I like to use NginxScript to achieve this goal. Can I do it in Nginx. I do appreciate your suggestion and some examples. David
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx