0

I have nodejs docker application is running on Azure's App Services. It has been set up a custom domain.

I want to block cross-site scripting. In nginx i can add more_set_headers "x-xss-protection: 1; mode=block"; to block the cross-site scripting.

How do we achieve this in Azure App Service? Is this okay to run Nginx in the same container?

Ramesh Murugesan
  • 4,727
  • 7
  • 42
  • 67

1 Answers1

1

You will need to set that header in his nginx.conf or default.conf. Refer - Adding and using header (HTTP) in nginx

Node js can run inside a container without Nginx - in this case you can set the Header via code 2. If you want Nginx to act as a reverse proxy for his Node application..you have to build a custom container with both and then you can set the header via Nginx configuration

DashleenBhandari-MSFT
  • 631
  • 3
  • 4
  • Hi @DashleenBhandari-MSFT How do we achieve this in Azure App Service? Nginx is not in the App Service. – Ramesh Murugesan May 22 '19 at 13:12
  • 1. Node js can run inside a container without Nginx - in this case you can set the Header via code 2. If you want Nginx to act as a reverse proxy for his Node application..you have to build a custom container with both and then you can set the header via Nginx configuration – DashleenBhandari-MSFT May 23 '19 at 04:13
  • 1
    Thanks, @DashleenBhandari-MSFT! Makes sense to set up in the Node application. I thought Azure Web App Service may manage the headers like CORS – Ramesh Murugesan May 23 '19 at 05:57