Can't set custom headers like X-Frame-Options


#1

I want to be able to set some security headers on pages served by the ember app.

alternately… is there any middleware like helmet ( https://www.npmjs.com/package/helmet ) I can just drop in?

I’ve googled everything I can think of and have tried all the solutions that were even remotely similar to my situation.

Helmet has been my solution for plain old express apps but I dont see how to use it with Ember. I’ve essentially inherited an Ember codebase as the original developers have been rotated onto other projects. Ember is quite new to me.

Thanks!


#2

Ember isn’t actually able to set headers, as it’s just JavaScript files that are served up by something else. You’ll want to set those headers with your web server of choice instead.


#3

Not sure this is what you want but you can add headers like this:


#4

Figured out that I could do what I wanted in our buildpack on heroku. I was mistakenly thinking that there was an underlying express server tied to the Ember app.

Thanks!