Warm tip: This article is reproduced from serverfault.com, please click
Unable to override some of the values of HTTP Response headers
发布于 2020-07-25 14:24:12
I am facing difficulties in overriding the list of HTTP Response headers listed below
X-Content-Type-Options (from 1 to nosniff)
X-Frame-Options (from SAMEORIGIN to deny)
Set-Cookie (add HttpOnly;Secure)
I have tried to put these values into the Listener's HTTP Response headers as well as utilizing the Header Removal and Header Injection in the API Manager policies but to no success in overriding to the intended values.
May I know how do override the HTTP Response headers? Kindly refer to the photo of the values that I have set.
API Policies
Header Removal
Header Injection
Listener's response header values in the mule project
Response header from the API call
Questioner
Jason Lee
Viewed
0
Yes @Lei Zhao, you are right, I have managed to found out about this after struggling for quite some time. When you say MuleSoft has fixed it, does that means even DLB injected those headers but MuleSoft will allow us to remove or modify at the app or policy level in the next release?