How can I set a different header depending on the value of a header returned by the backend?
Specifically I’d want to set a different Content-Security-Policy based on what X-Frame-Options the backend sends
In nginx I’d use
map $http_x_frame_options $frame_ancestors {
default "https:";
"DENY" "'none'";
"SAMEORIGIN" "'self'";
"~ALLOWFROM (.*)" "'self' \1";
}
server {
...
add_header "Content-Security-Policy" "... frame-ancestors $frame_ancestors";
}
Is there a way to achieve the same thing (or at least just DENY, SAMEORIGIN and the default) with Caddy?