New http header option : what option for sections?

For the new http header option, the doc says:

  for = "/**.html"
    Content-Security-Policy = "script-src localhost:1313"

But those headers are not delivered to html page if section is accessed via section/ instead of section/index.html.
Wich seems legit with the "/**.html" option, but not with real usage.

It works with option "/**" but those headers are also sent with all files.
Option "**/" seems to work as expected.

Any tip/light about what is the expected behaviour for this ??

Thanks for this post. I couldn’t figure out why the headers weren’t applied with the for = "/**.html" path.

It might be an unindented development feature. I don’t suppose it should work like this.

Because if you access localhost:1313/my-first-post/index.html, hugo server responds with 301 - Moved Permanently, and redirects to localhost:1313/my-first-post/.

So even though the headers are properly added to */index.html, they aren’t useful because there’s an immediate redirect.

The Netlify docs, from which the Hugo feature took its idea, mention that for is “the path or URL where the headers will be added”. But I don’t see examples for how to handle URLs with for.

Perhaps Netlify users can shed some light on this. :slightly_smiling_face: