Im trying to add headers to all responses from meteor but assets from the public folder don’t get this headers. Im setting helmet in the server like this.
WebApp.connectHandlers.use(helmet());
The pages do get the headers, its only the public assets that don’t. Any of you guys have had this issue?
Assets from the public folder are being served by the webserver running meteor and not by meteor itself. If you are using nginx, then you can set the headers through nginx.
Actually doing it in this way worked on public files.
WebApp.rawConnectHandlers.use((req, res, next) => {
res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
res.setHeader('Cross-Origin-Resource-Policy', 'same-site');
next();
});
I’m too used to serving static files through nginx, cdn, or aws. Didn’t realize it can be served through meteor but it was such a waste of resources serving it through the app server.