0

After getting information about X-Frame-Options header, I want apply it to our scripts loaded from Google Cloud Storage via load balancer. Files uploaded using @google-cloud/storage npm package for nodejs. This upload options snippet gives unexpected results:

     let requiredOptions = {
        resumable : false,
        predefinedAcl: 'publicread',
        metadata: {
            contentType: 'text/javascript',
            cacheControl: 'public, max-age=35920000, no-transform',
            contentEncoding: 'gzip',
            metadata: {
                ['X-Frame-Options']: 'sameorigin'
            }
        }
    };

Problem: the resulting headers contain the x-goog-meta-x-frame-options: sameorigin instead of expected x-frame-options: sameorigin.

When I tried to use

     let requiredOptions = {
        resumable : false,
        predefinedAcl: 'publicread',
        metadata: {
            contentType: 'text/javascript',
            cacheControl: 'public, max-age=35920000, no-transform',
            contentEncoding: 'gzip',
            ['X-Frame-Options']: 'sameorigin'
        }
    };

The X-Frame-Options did not included at all. How to add advanced header to uploaded file metadata in a way that resulting header name will not start from x-goog-meta- prefix?

Kote Isaev
  • 273
  • 4
  • 13
  • I have found this [post](https://stackoverflow.com/questions/43853564/custom-http-headers-with-google-cloud-cdn-and-bucket-backend) that seems to be related with your issue. As is specified in the comments, there is a [feature request](https://issuetracker.google.com/issues/36427250) opened, that you can comment and star it in order to follow the process. – ericcco Aug 29 '19 at 08:54
  • Thanks! I stared that feature request – Kote Isaev Aug 29 '19 at 20:17

0 Answers0