From f5c5c61349f4745f3b3234db03ec752a72e804e4 Mon Sep 17 00:00:00 2001
From: Umputun <umputun@gmail.com>
Date: Sun, 25 Apr 2021 12:57:11 -0500
Subject: [PATCH] add header example

---
 README.md                          | 9 ++++++++-
 examples/docker/docker-compose.yml | 4 ++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3900d96..858aec8 100644
--- a/README.md
+++ b/README.md
@@ -130,7 +130,14 @@ Assets server supports caching control with the `--assets.cache=<duration>` para
 
 - `--gzip` enables gzip compression for responses.
 - `--max=N` allows to set the maximum size of request (default 64k)
-- `--header` sets extra header(s) added to each proxied request
+- `--header` sets extra header(s) added to each proxied response. For example this is how it can be done with the docker compose:
+```yaml
+  environment:
+      - HEADER=
+          X-Frame-Options:SAMEORIGIN,
+          X-XSS-Protection:1; mode=block;,
+          Content-Security-Policy:default-src 'self'; style-src 'self' 'unsafe-inline';
+```
 - `--timeout.*` various timeouts for both server and proxy transport. See `timeout` section in [All Application Options](#all-application-options)
 
 ## Ping and health checks
diff --git a/examples/docker/docker-compose.yml b/examples/docker/docker-compose.yml
index 6549ffe..71e068c 100644
--- a/examples/docker/docker-compose.yml
+++ b/examples/docker/docker-compose.yml
@@ -15,6 +15,10 @@ services:
       - DOCKER_AUTO=true
       - ASSETS_LOCATION=/web
       - DEBUG=true
+      - HEADER=
+          X-Frame-Options:SAMEORIGIN,
+          X-XSS-Protection:1; mode=block;,
+          Content-Security-Policy:default-src 'self'; style-src 'self' 'unsafe-inline';
 
   # automatic destination, will be mapped for ^/api/svc1/(.*)
   svc1: