ngx_xss: Native support for cross-site scripting in an nginx

W-Mark Kubacki wmark+nginx at
Fri Jan 29 23:05:58 MSK 2010

2010/1/29 agentzh <agentzh at>:
> On Fri, Jan 29, 2010 at 5:11 AM, Tobia Conforto
> <tobia.conforto at> wrote:
>> Am I the only one wondering what's the use of this module?
> The initial motivation of writing this module is to build a
> full-fledged blog app that is powered completely by nginx.conf and
> client-side JavaScript. I already have something runnable now. Here's
> the nginx.conf that I've got so far if you're interested:

You can set "document.domain" in JS and then have a domain, say static pages with header and footer, for example on
a CDN, and a domain which does your actual magic.

Therefore drizzle and rds_json module (btw, see my issue on Github)
seem to me being the main parts. xss would cover the case where the
blog's (2nd level) domain differs from the one to serve the JSON

Thanks for sharing!



More information about the nginx mailing list