
Security headers created twice #14

Closed
conseilgouz wants to merge 1 commit into zero-24:master from conseilgouz:pmleconte-patch-1

Conversation

conseilgouz commented Apr 30, 2019

Hi,

Thank you for this plugin.

When "write header to config file" is set, security headers are created twice: once in the .htaccess/web.config file and once in the HTML code.

When looking at your website with https://securityheaders.com/, everything is ok except warnings about duplicate headers.

I'm working with Joomla 3.9.5 which includes joomla/joomla-cms#24429

Pascal

…ed twice: once in .htaccess/web.config file and once in html code.

zero-24 (Owner) commented May 1, 2019

Hi,

I cannot reproduce the problem. Can you please confirm and let me know your cache settings?

conseilgouz (Author) commented

Hi,

Cache is disabled.

Securityheaders.com shows following screens

[image: securityheaders_1]

X-frame-options, X-XSS-Protection, ... appear twice and we have the following warnings.

[image: securityheaders_2]

Pascal

zero-24 (Owner) commented May 1, 2019

Hmm, can you please check the actual .htaccess and show me its contents? Maybe something there is different than on my site, or there might be different rules applied with the always keyword. I'm confused because I get the point about setting it twice, but it is working on my site and I don't understand why it should behave differently on your site than on mine.

conseilgouz (Author) commented

Hi,

Taking a look at the code, my patch seems obvious, but the plugin's behaviour is different on some of my websites too.

It seems to be related to hoster configuration.

Gandi and OVH hosting give the same problem, while 1&1 (Ionos) hosted websites work fine.

All my websites are working with AESecure to create the .htaccess file and use the same template.

zero-24 (Owner) commented May 5, 2019

> Taking a look at the code, my patch seems obvious, but the plugin's behaviour is different on some of my websites too.

Well, it also disables the CSP headers configured as "additional headers", as they are excluded from being written to the .htaccess, so this would mean that part needs to be rewritten too.

> All my websites are working with AESecure to create the .htaccess file and use the same template.

I don't know AESecure. Can you please check the .htaccess files for whether there are calls to Header always set in that .htaccess? Maybe some headers are set from the server side too, given that it works differently on different hosts with the same configuration?

> Gandi and OVH hosting give the same problem, while 1&1 (Ionos) hosted websites work fine.

I would like to work out what the problem with the hosts is before applying patches for issues I don't understand, because code-wise we seem to be fine, as shown by 1&1 and my hoster.
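The two things asked for in this thread, seeing which security headers a response carries more than once (the duplicate-header warnings from securityheaders.com) and checking an .htaccess for mod_headers directives that set the same headers the application also sends, can be done with a small offline diagnostic. The script below is an added example and is not code from the pull request or from the plugin. The raw HTTP response, the .htaccess fragment and the APP_HEADERS list are constructed here to reproduce the reported symptom; the real values come from the site being examined.

```python
"""Diagnose duplicated security headers (added example, not plugin code).

Parses a raw HTTP response and an .htaccess fragment, both constructed
below, and reports which security headers are emitted more than once and
which ones are set by both the web server config and the application.
"""
import re
from collections import Counter

SECURITY_HEADERS = {
    "x-frame-options",
    "x-xss-protection",
    "x-content-type-options",
    "referrer-policy",
    "strict-transport-security",
    "content-security-policy",
    "feature-policy",
}

# Constructed sample response: the server adds headers via .htaccess and the
# application adds the same ones again, so each appears twice.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed .htaccess fragment of the kind the thread asks about.
HTACCESS = """
<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header unset X-Powered-By
</IfModule>
"""

# Constructed list standing in for the headers the application emits itself.
APP_HEADERS = ["X-Frame-Options", "X-XSS-Protection",
               "X-Content-Type-Options", "Referrer-Policy"]


def parse_response_headers(raw):
    """Return (name, value) pairs from a raw HTTP response, names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # skip the status line
    pairs = []
    for line in lines:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def duplicated_security_headers(raw):
    """Map each security header that occurs more than once to its count."""
    counts = Counter(name for name, _ in parse_response_headers(raw))
    return {n: c for n, c in counts.items() if n in SECURITY_HEADERS and c > 1}


# Matches "Header [always] set|add|append|merge <Name> ..."; "unset" is ignored.
HEADER_SET_RE = re.compile(
    r"^\s*Header\s+(?:always\s+)?(?:set|add|append|merge)\s+(\S+)", re.I | re.M)


def htaccess_set_headers(text):
    """Header names that an .htaccess fragment sets via mod_headers."""
    return {m.group(1).lower() for m in HEADER_SET_RE.finditer(text)}


def set_by_both(htaccess_text, app_headers):
    """Headers set by the web server config and by the application."""
    return sorted(htaccess_set_headers(htaccess_text) & {h.lower() for h in app_headers})


if __name__ == "__main__":
    print("duplicated in response:", duplicated_security_headers(RAW_RESPONSE))
    print("set by both server and app:", set_by_both(HTACCESS, APP_HEADERS))
```

One caveat worth knowing when reading the .htaccess: Apache's mod_headers keeps separate header tables for the default condition and for always, so Header always set does not replace a header the application has already placed in the normal table. Seeing the same header under both the application and an always directive is one configuration that produces exactly the duplicate pair reported here, and that difference can vary between hosts with otherwise identical .htaccess templates.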

zero-24 (Owner) commented Aug 17, 2019

7835098 - Removes the option completely

zero-24 closed this Aug 17, 2019