4

According to Firebase Hosting docs, I should be able to set custom headers on responses received from the server. I am trying to set the X-Frame-Options header on all html files, but the server simply does not want to send this header! Here's my firebase.json file, please let me know if I am doing anything wrong:

{
  "hosting": {
    "public": "build",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "headers": [
      {
        "source": "**/*.html",
        "headers": [
          {
            "key": "X-Frame-Options",
            "value": "SAMEORIGIN"
          }
        ]
      }
    ]
  }
}
Improve this question

2 Answers 2

Reset to default
6

I just went through a lot of trial and error on the same issue. I noticed a small little section in the firebase documentation:

A source value that Hosting matches against the original request path, regardless of any rewrite rules.

If your setup is like mine, you probably have this in your firebase.json file:

  "rewrites": [{
    "source": "**",
    "destination": "/index.html"
  }]

However, while you may be returning index.html, the original request path was simply "/", so on your headers section use this:

"source": "/"

This is what worked for me.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for the tip. Although I am not using this project anymore, this will be helpful in the future.
2

After lot of trial and error, I found the issue. All this while I was trying to load index.html using https://my-project.firebaseapp.com - this apparently does not trigger the header. I had to explicitly add /index.html at the end of the URL to make it work: https://my-project.firebaseapp.com/index.html. I should not have to do this, but that was the problem. So the question still remains - how do you get the firebase configuration to match an implied index.html.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.