Hello.
I use `add_header` to build Content Security Policy and Feature Policy headers. To help with change control and maintainability I build an Nginx variable from nothing and add each Content Security Policy and Feature Policy data/source type on a different line. The Nginx variable is unique to the `server` block. For example (excerpt from `server` block for subdomain.example.com):
```nginx
#nested variable for Content Security Policy maintainability
set $contentsecuritypolicy_https_subdomain_example_com '';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}connect-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}default-src \'none\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}font-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}frame-ancestors \'none\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}img-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}manifest-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}media-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}object-src \'none\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}script-src \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}style-src https://cdnjs.cloudflare.com \'self\';';
set $contentsecuritypolicy_https_subdomain_example_com '${contentsecuritypolicy_https_subdomain_example_com}worker-src \'self\';';
add_header Content-Security-Policy $contentsecuritypolicy_https_subdomain_example_com;
#nested variable for Feature Policy maintainability
set $featurepolicy_https_subdomain_example_com '';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}camera \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}fullscreen \'self\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}geolocation \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}gyroscope \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}magnetometer \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}microphone \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}midi \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}notifications \'self\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}payment \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}push \'self\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}speaker \'none\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}sync-xhr \'self\';';
set $featurepolicy_https_subdomain_example_com '${featurepolicy_https_subdomain_example_com}vibrate \'none\''; #no trailing semicolon
add_header Feature-Policy $featurepolicy_https_subdomain_example_com;
```
This method provides a level of visibility for change control, and is preferable to the everything-on-one-line method for each header type.
I am aware this method also consumes additional memory due to the increased `variables_hash_bucket_size` requirements.
Is there an alternative way I could build two headers with each content/source type on its own line, without nesting and appending variables?
Thank you in advance for any feedback or advice.
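
One alternative to the variable-appending approach asked about above, as an added example that is not part of the original post: keep each policy in a plain text file with one directive per line (the unit that change control diffs) and generate a single-line `add_header` statement that the `server` block loads with `include`. The function names and the policy file layout are assumptions, and the sample input is constructed from directive values in the post.

```python
"""Render a one-directive-per-line policy file as a single nginx add_header line."""
import re

# Characters rejected in a directive: '"' and '\' would break the double-quoted
# nginx parameter, '$' would start nginx variable interpolation, and ';' means
# two directives were put on one line.
_UNSAFE = re.compile(r'["$\\;]')

# Constructed sample input; directive values copied from the post's CSP.
SAMPLE_CSP = """
# one directive per line
default-src 'none'
script-src 'self'
style-src   https://cdnjs.cloudflare.com 'self'
"""

def parse_policy(text):
    """Return the directives in order, skipping blank and '#' comment lines."""
    directives, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line or line.startswith("#"):
            continue
        if _UNSAFE.search(line):
            raise ValueError(f"line {lineno}: unsafe character in {line!r}")
        name = line.split(" ", 1)[0].lower()
        # CSP ignores a repeated directive name, so a duplicate is an editing error.
        if name in seen:
            raise ValueError(f"line {lineno}: duplicate directive {name!r}")
        seen.add(name)
        directives.append(line)
    return directives

def render_add_header(header, policy_text):
    """Build the nginx line; its output is meant for a file loaded via include."""
    value = "; ".join(parse_policy(policy_text))
    return f'add_header {header} "{value}";'

if __name__ == "__main__":
    print(render_add_header("Content-Security-Policy", SAMPLE_CSP))
```

Write the output to a file next to the site configuration, reference it from the `server` block with `include`, and run `nginx -t` before reloading.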