Remove inherited header applied by splat path in _headers

Hi @hillary,

Thanks for your reply. Yes, I still have the same issues that I mentioned in my last message.
Below are the details:

  1. Netlify site Id: tbo-site and site URL is https://tbo.clothing
  2. Below are the latest build logs
  3. Below is the screenshot of the errors. You can check all server headers on this link.

7:02:46 PM: Build ready to start
7:02:48 PM: build-image version: be42e453d6c8f171cc2f654acc29c0a8b60e6d93
7:02:48 PM: build-image tag: v3.7.1
7:02:48 PM: buildbot version: e8edb9f29a9e870ab9525bcf3d3ee805e7b84580
7:02:48 PM: Fetching cached dependencies
7:02:48 PM: Starting to download cache of 650.9MB
7:02:51 PM: Finished downloading cache in 3.00660553s
7:02:51 PM: Starting to extract cache
7:03:13 PM: Finished extracting cache in 22.20351057s
7:03:13 PM: Finished fetching cache in 25.417764106s
7:03:13 PM: Starting to prepare the repo for build
7:03:14 PM: Preparing Git Reference refs/heads/master
7:03:18 PM: Starting build script
7:03:18 PM: Installing dependencies
7:03:18 PM: Python version set to 2.7
7:03:19 PM: Started restoring cached node version
7:03:26 PM: Finished restoring cached node version
7:03:26 PM: Attempting node version ‘lts/*’ from .nvmrc
7:03:26 PM: v14.16.1 is already installed.
7:03:27 PM: Now using node v14.16.1 (npm v6.14.12)
7:03:27 PM: Started restoring cached build plugins
7:03:27 PM: Finished restoring cached build plugins
7:03:27 PM: Attempting ruby version 2.7.1, read from environment
7:03:29 PM: Using ruby version 2.7.1
7:03:29 PM: Using PHP version 5.6
7:03:29 PM: Started restoring cached node modules
7:03:29 PM: Finished restoring cached node modules
7:03:29 PM: Started restoring cached go cache
7:03:29 PM: Finished restoring cached go cache
7:03:29 PM: go version go1.14.4 linux/amd64
7:03:29 PM: go version go1.14.4 linux/amd64
7:03:29 PM: Installing missing commands
7:03:29 PM: Verify run directory
7:03:32 PM: ​
7:03:32 PM: ────────────────────────────────────────────────────────────────
7:03:32 PM: Netlify Build
7:03:32 PM: ────────────────────────────────────────────────────────────────
7:03:32 PM: ​
7:03:32 PM: ❯ Version
7:03:32 PM: @netlify/build 11.1.0
7:03:32 PM: ​
7:03:32 PM: ❯ Flags
7:03:32 PM: deployId: 607d867e302c380007283956
7:03:32 PM: ​
7:03:32 PM: ❯ Current directory
7:03:32 PM: /opt/build/repo
7:03:32 PM: ​
7:03:32 PM: ❯ Config file
7:03:32 PM: /opt/build/repo/netlify.toml
7:03:32 PM: ​
7:03:32 PM: ❯ Context
7:03:32 PM: production
7:03:32 PM: ​
7:03:32 PM: ❯ Loading plugins
7:03:32 PM: - netlify-plugin-gatsby-cache@0.3.0 from Netlify app
7:03:32 PM: ​
7:03:32 PM: ────────────────────────────────────────────────────────────────
7:03:32 PM: 1. onPreBuild command from netlify-plugin-gatsby-cache
7:03:32 PM: ────────────────────────────────────────────────────────────────
7:03:32 PM: ​
7:03:36 PM: Found a Gatsby cache. We’re about to go FAST. :zap:
7:03:36 PM: ​
7:03:36 PM: (netlify-plugin-gatsby-cache onPreBuild completed in 3.6s)
7:03:36 PM: ​
7:03:36 PM: ────────────────────────────────────────────────────────────────
7:03:36 PM: 2. Build command from Netlify app
7:03:36 PM: ────────────────────────────────────────────────────────────────
7:03:36 PM: ​
7:03:36 PM: $ npm run build
7:03:36 PM: > tbo-clothing@0.1.0 build /opt/build/repo
7:03:36 PM: > cross-env GATSBY_EXPERIMENTAL_PAGE_BUILD_ON_DATA_CHANGES=true NODE_ENV=production gatsby build --log-pages
7:03:44 PM: success open and validate gatsby-configs - 0.104s
7:03:46 PM: success load plugins - 2.135s
7:03:46 PM: success onPreInit - 0.063s
7:03:46 PM: success initialize cache - 0.007s
7:03:46 PM: success copy gatsby files - 0.080s
7:03:46 PM: success onPreBootstrap - 0.026s
7:03:49 PM: success loading DatoCMS schema - 2.272s
7:03:49 PM: success createSchemaCustomization - 2.381s
7:04:00 PM: success loading DatoCMS content - 10.544s
7:04:00 PM: success Checking for changed pages - 0.000s
7:04:00 PM: success source and transform nodes - 11.540s
7:04:03 PM: success building schema - 2.618s
7:04:03 PM: info Total nodes: 12730, SitePage nodes: 266 (use --verbose for breakdown)
7:04:03 PM: success createPages - 0.551s
7:04:03 PM: success Checking for changed pages - 0.000s
7:04:04 PM: warning Non-deterministic routing danger: Attempting to create page: “/room”, but page “/room/” already exists
7:04:04 PM: This could lead to non-deterministic routing behavior
7:04:04 PM: success createPagesStatefully - 0.231s
7:04:04 PM: success Cleaning up stale page-data - 0.015s
7:04:04 PM: success update schema - 0.080s
7:04:04 PM: success onPreExtractQueries - 0.006s
7:04:06 PM: success extract queries from components - 2.040s
7:04:06 PM: success write out redirect data - 0.001s
7:04:06 PM: success Build manifest and related icons - 0.152s
7:04:06 PM: success onPostBootstrap - 0.156s
7:04:06 PM: info bootstrap finished - 29.951s
7:04:06 PM: success write out requires - 0.101s
7:04:33 PM: success Building production JavaScript and CSS bundles - 26.693s
7:04:33 PM: success Rewriting compilation hashes - 0.002s
7:04:33 PM: info One or more of your source files have changed since the last time you ran Gatsby. All
7:04:33 PM: pages will be rebuilt.
7:04:52 PM: success Building static HTML for pages - 18.941s - 310/310 16.37/s
7:04:52 PM: success Delete previous page data - 0.001s
7:04:53 PM: info Generated public/sw.js, which will precache 11 files, totaling 1127834 bytes.
7:04:53 PM: The following pages will be precached:
7:04:53 PM: /offline-plugin-app-shell-fallback/index.html
7:04:53 PM: success onPostBuild - 0.320s
7:04:53 PM: info Done building in 76.78182855 sec
7:04:53 PM: (build.command completed in 1m 17.5s)
7:04:53 PM: ​
7:04:53 PM: ────────────────────────────────────────────────────────────────
7:04:53 PM: 3. onPostBuild command from netlify-plugin-gatsby-cache
7:04:53 PM: ────────────────────────────────────────────────────────────────
7:04:53 PM: ​
7:04:57 PM: Stored the Gatsby cache to speed up future builds.
7:04:57 PM: ​
7:04:57 PM: (netlify-plugin-gatsby-cache onPostBuild completed in 3.7s)
7:04:57 PM: ​
7:04:57 PM: ────────────────────────────────────────────────────────────────
7:04:57 PM: 4. Deploy site
7:04:57 PM: ────────────────────────────────────────────────────────────────
7:04:57 PM: ​
7:04:57 PM: Starting to deploy site from ‘public’
7:04:57 PM: Creating deploy tree asynchronously
7:04:57 PM: Creating deploy upload records
7:05:00 PM: 317 new files to upload
7:05:00 PM: 0 new functions to upload
7:05:08 PM: Site deploy was successfully initiated
7:05:08 PM: ​
7:05:08 PM: (Deploy site completed in 10.8s)
7:05:08 PM: ​
7:05:08 PM: ────────────────────────────────────────────────────────────────
7:05:08 PM: Netlify Build Complete
7:05:08 PM: ────────────────────────────────────────────────────────────────
7:05:08 PM: ​
7:05:08 PM: (Netlify Build completed in 1m 36.1s)
7:05:08 PM: Caching artifacts
7:05:08 PM: Started saving node modules
7:05:08 PM: Finished saving node modules
7:05:08 PM: Started saving build plugins
7:05:08 PM: Finished saving build plugins
7:05:08 PM: Started saving pip cache
7:05:08 PM: Finished saving pip cache
7:05:08 PM: Started saving emacs cask dependencies
7:05:08 PM: Finished saving emacs cask dependencies
7:05:08 PM: Started saving maven dependencies
7:05:08 PM: Finished saving maven dependencies
7:05:08 PM: Started saving boot dependencies
7:05:08 PM: Finished saving boot dependencies
7:05:08 PM: Started saving rust rustup cache
7:05:08 PM: Finished saving rust rustup cache
7:05:08 PM: Started saving go dependencies
7:05:08 PM: Finished saving go dependencies
7:05:08 PM: Build script success
7:05:11 PM: Starting post processing
7:05:12 PM: Post processing - HTML
7:05:13 PM: Minifying js bundle
7:06:31 PM: Post processing - header rules
7:06:31 PM: Post processing - redirect rules
7:06:32 PM: Post processing done
7:06:32 PM: Site is live :sparkles:
7:07:02 PM: Finished processing build request in 4m14.314141828s

Hi, @allan.perrottet. This is what I see in _headers for this site’s current deploy:

/*
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  X-Content-Type-Options: nosniff
  Referrer-Policy: same-origin
  Content-Security-Policy: frame-ancestors https://optimize.google.com

I do see all these headers sent when I request the site:

$ curl -svo /dev/null  https://tbo.clothing/  2>&1 | egrep '^< '
< HTTP/2 301
< cache-control: public, max-age=0, must-revalidate
< content-length: 20
< content-security-policy: frame-ancestors https://optimize.google.com
< content-type: text/plain; charset=utf-8
< date: Thu, 29 Apr 2021 21:54:23 GMT
< referrer-policy: same-origin
< x-content-type-options: nosniff
< x-frame-options: DENY
< x-xss-protection: 1; mode=block
< age: 30839
< x-nf-request-id: b4dbf6a1-6344-479b-a7c1-11661b063dbe
< server: Netlify
< location: /us/
<

It sounds like the question here may not be this:

  • How do I set headers at Netlify?

and may instead be this:

  • What headers do I need to make https://optimize.google.com/ function correctly?

If you are asking this second question, the answer is that I don’t know. That would be a great question for Google though.

If there are questions about how to set certain CSP rules at Netlify, our support team can assist. However, if you are asking for us to tell you what CSP rules to make, that is outside the scope of the technical support we provide.

Someone else here may have suggestions about the CSP itself so you are welcome to ask about this here. However, I must again repeat for clarity, our support team doesn’t answer questions like this.

If there are questions about how to use Netlify or about the scope of our support, please let us know.
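
Added example, not part of the thread and not Netlify's code: the response quoted above carries both `x-frame-options: DENY` and a CSP `frame-ancestors` directive, and browsers that implement `frame-ancestors` enforce it and ignore `X-Frame-Options` when both are present. The sketch below evaluates such a header set for one embedding origin; the function names are hypothetical and source matching is simplified to `'none'`, `'self'`, `*` and exact origins.

```javascript
// Added example. Header lines copied from the curl output quoted in the thread.
const SAMPLE_HEADERS = `< content-security-policy: frame-ancestors https://optimize.google.com
< x-content-type-options: nosniff
< x-frame-options: DENY`;

// Collect "name: value" lines (curl's "< " prefix allowed) by lowercased name.
function parseHeaders(text) {
  const headers = new Map();
  for (const line of text.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // status line or blank line
    const name = line.slice(0, idx).replace(/^<\s*/, "").trim().toLowerCase();
    headers.set(name, [...(headers.get(name) || []), line.slice(idx + 1).trim()]);
  }
  return headers;
}

// One source list per policy that carries a frame-ancestors directive.
function frameAncestorsLists(cspValues) {
  const lists = [];
  for (const policy of cspValues.flatMap((v) => v.split(","))) {
    const hit = policy.split(";").map((d) => d.trim().split(/\s+/))
      .find(([name]) => name.toLowerCase() === "frame-ancestors");
    if (hit) lists.push(hit.slice(1)); // empty list behaves like 'none'
  }
  return lists;
}

// Simplified matching: wildcard hosts and scheme-only sources never match.
function sourceAllows(source, embedder, self) {
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return embedder === self;
  try { return new URL(source).origin === embedder; } catch { return false; }
}

// Decide whether embedderUrl may frame pageUrl (checks a single ancestor only).
function framingDecision(headerText, pageUrl, embedderUrl) {
  const headers = parseHeaders(headerText);
  const [self, embedder] = [pageUrl, embedderUrl].map((u) => new URL(u).origin);
  const lists = frameAncestorsLists(headers.get("content-security-policy") || []);
  if (lists.length > 0) { // frame-ancestors present: X-Frame-Options is ignored
    const allowed = lists.every((l) => l.some((s) => sourceAllows(s, embedder, self)));
    return { enforcedBy: "frame-ancestors", allowed };
  }
  const xfo = (headers.get("x-frame-options") || []).map((v) => v.toUpperCase());
  if (xfo.includes("DENY")) return { enforcedBy: "x-frame-options", allowed: false };
  if (xfo.includes("SAMEORIGIN")) return { enforcedBy: "x-frame-options", allowed: embedder === self };
  return { enforcedBy: "none", allowed: true };
}
```

With the sample headers, `framingDecision(SAMPLE_HEADERS, "https://tbo.clothing/", "https://optimize.google.com/")` reports the decision as made by `frame-ancestors`, and the same call with the site's own origin as embedder is refused because `'self'` is not in the source list.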