http.filter (as @Whitestrake mentioned) works well for this. I have a github proxy with a config like this:
https://github.example.com {
filter rule {
content_type text/html.*
search_pattern assets-cdn.github.com
replacement assets.example.com
}
proxy / https://github.com {
header_downstream -Content-Security-Policy
header_downstream -Strict-Transport-Security
header_downstream -Public-Key-Pins
header_downstream -X-XSS-Protection
}
}
https://assets.example.com {
proxy / https://assets-cdn.github.com {
header_downstream -Content-Security-Policy
header_downstream -Strict-Transport-Security
header_downstream -Public-Key-Pins
header_downstream -X-XSS-Protection
}
}
Login to github doesn’t work, however, as 302 redirects are not rewritten.