This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-05-24
Channels
- # adventofcode (11)
- # architecture (12)
- # beginners (132)
- # boot (19)
- # cider (26)
- # clojure (69)
- # clojure-dusseldorf (4)
- # clojure-gamedev (1)
- # clojure-italy (46)
- # clojure-nl (4)
- # clojure-serbia (1)
- # clojure-switzerland (2)
- # clojure-uk (91)
- # clojurescript (79)
- # css (4)
- # cursive (2)
- # datomic (16)
- # docs (9)
- # duct (20)
- # editors (94)
- # fulcro (15)
- # graphql (2)
- # hoplon (1)
- # instaparse (7)
- # jobs (3)
- # lein-figwheel (3)
- # leiningen (2)
- # lumo (40)
- # mount (35)
- # off-topic (19)
- # reagent (18)
- # reitit (1)
- # shadow-cljs (123)
- # specter (7)
- # sql (5)
- # test-check (4)
- # tools-deps (38)
- # vim (20)
- # yada (9)
setting : :security {:content-type-options nil}
is not forcing the config merge to dissoc the value.
Curious that doesn’t work. Can you report it as a bug, @lambder?
As a workaround, you should be able to write:
:duct.middleware.web/defaults
{:security ^:replace {:anti-forgery true
:xss-protection {:enable? true, :mode :block}
:frame-options :sameorigin}}
Is there any way to put middleware to the top of :middleware
other than replacing whole :middleware
vector?
Yes, you can use ^:prepend
But for more complex stuff you currently have to replace the :middleware
vector
Append is the default when you merge, so you can forgo it in that case.
It depends whether you want your middleware to be inside or outside.
Usually you want it to be inside, since then you gain benefits from error handling, parameters, session etc.
@weavejester Thank you!
@weavejester having:
:duct.module.web/site {}
:duct.middleware.web/defaults {:security ^:replace {:anti-forgery true
:xss-protection {:enable? true, :mode :block}
:frame-options :sameorigin}}
:duct.middleware.web/defaults {:params {:urlencoded true, :multipart true, :nested true, :keywordize true},
:cookies true,
:session {:flash true, :cookie-attrs {:http-only true, :same-site :strict}},
:security {:anti-forgery true,
:xss-protection {:enable? true, :mode :block},
:frame-options :sameorigin,
:content-type-options :nosniff},
:static {:resources ["duct/module/web/public" "firds_mirror/public"]},
:responses {:not-modified-responses true,
:absolute-redirects true,
:content-types true,
:default-charset "utf-8"}},
@lambder Can you give me more information, such as the context and dependency versions? I can’t replicate your results.