How can i add HTTP Headers to my responses?

[Erick Frias]

I developed an app that now is running on App Engine, everything goes well till there but now i need to add some headers to my responses for security purposes, so i did some search on the net and i found App Engine Documentation on HTTP Headers that says you just have to add the headers you need on your app.yaml file like following:

handlers:
- url: /images
  static_dir: static/images
  http_headers:
    X-Foo-Header: foo
    X-Bar-Header: bar value
    vary: Accept-Encoding
  # ...

I already did it but no new header is added to my responses. I need to add CSP header as well as HSTS header. Someone knows how to achieve this?

[Barry Hunter]

The http_headers directive, is only for static files 

Dynamic scripts (python, java, php etc) - should output the headers in application code. 

https://cloud.google.com/appengine/docs/standard/python3/reference/request-response-headers

 

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/245e4bd6-47a9-4512-85bd-7ba127949f7en%40googlegroups.com.