Hello all,
I work on Concrete v 9.2.0,
I tried adding security headers in system&settings->Environment->security.
I noticed that the settings are fine the first time I check in the browser console after clearing the concrete cache, but
when pages are displayed from cache, there are no more security headers.
Thanks for your help.
Hi @AJR - that sounds like it might be a core bug - are you able to recreate it on a demo site here?
https://community.concretecms.com/get-concrete-site
Hello @EvanCooper and thanks to you for your reply.
I recreate bug on demo site
https://ztestca-zprp-qurd.plskyline1.concreteserver.com
When pages are display without cache, I have two different rules for Stric-transport-Security and X-Frame6Options and one for Content-Security-Policy.
When pages are display with cache, I have not my values of security headers in system&settings->Environment->security.
Thanks for your help.
You’re welcome @AJR - then yes definitely create a new issue → bug report here with this information:
And hopefully a fix can get added in the new version. Thanks!
