Can't set custom headers like X-Frame-Options

BadZombi · August 23, 2016, 9:21pm

I want to be able to set some security headers on pages served by the ember app.

alternately… is there any middleware like helmet ( helmet - npm ) I can just drop in?

I’ve googled everything I can think of and have tried all the solutions that were even remotely similar to my situation.

Helmet has been my solution for plain old express apps but I dont see how to use it with Ember. I’ve essentially inherited an Ember codebase as the original developers have been rotated onto other projects. Ember is quite new to me.

Thanks!

acorncom · August 24, 2016, 2:49am

Ember isn’t actually able to set headers, as it’s just JavaScript files that are served up by something else. You’ll want to set those headers with your web server of choice instead.

broerse · August 24, 2016, 4:51am

Not sure this is what you want but you can add headers like this:

https://github.com/martinic/ember-simple-auth-pouch/commit/0c1b63ed1bdaa0b4e92c21cb21483d75a9ca42a7

BadZombi · August 24, 2016, 8:16pm

Figured out that I could do what I wanted in our buildpack on heroku. I was mistakenly thinking that there was an underlying express server tied to the Ember app.

Thanks!

Topic		Replies	Views
Security Headers in Ember.js Application Questions	1	639	June 17, 2019
Ember Doesn't Send Additional Headers	0	922	February 5, 2017
Access Route Request Headers	1	1236	February 23, 2017
Making changes to Ember's Built-in web servers headers Ember CLI	5	4172	April 13, 2015
Configuring Ember CLI's dev server to respond to non-`text/html` requests	3	860	June 5, 2018

Can't set custom headers like X-Frame-Options

Related topics