Gosh that is horrible that I have to copy and paste shared headers in the server block, to all location blocks. Is this a conscious decision? This makes maintainability very difficult as i have to do something like:
[code]
# shared_headers.conf
add_header Alternate-Protocol 443:npn-spdy/3;
add_header Strict-Transport-Security max-age=31556926;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# expires.conf
location ~* \.(?:ico|css|gif|jpe?g|png|xml)$ {
include shared_headers.conf;
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
server {
...
location ^~ /icons {
include shared_headers.conf;
add_header Access-Control-Allow-Origin *;
}
location ^~ /docs {
include shared_headers.conf;
auth_basic "Docs";
auth_basic_user_file /etc/nginx/auth/docs.htpasswd;
}
location ^~ /actions {
include shared_headers.conf;
add_header Access-Control-Allow-Origin https://www.mydomain.com;
}
}
[/code]
Or, is there a better way to do this?