Hi,
I noticed a discrepancy between the ALPINE Dockerfile and the project documentation regarding the CORS_HEADER_403_CONTENT_TYPE environment variable.
In nginx/Dockerfile-alpine, the value appears to be set differently at line 139: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/nginx/Dockerfile-alpine#L139
In the main Dockerfile, the corresponding value at line 137 is different: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/nginx/Dockerfile#L137
However, the README documents CORS_HEADER_403_CONTENT_TYPE as text/html: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/README.md?plain=1#L249
This creates ambiguity about the expected default value, especially for users relying on the ALPINE image.
Expected behavior:
The ALPINE Dockerfile should match the documented default value, or the README should be updated to reflect the actual intended value.
Actual behavior:
The ALPINE Dockerfile uses a different value from the one documented in the README.
Impact:
This may lead to inconsistent behavior between image variants and confusion for users configuring CORS-related headers.
Would it be possible to align the ALPINE Dockerfile with the documentation, or clarify which value should be considered canonical?
Thanks!
Hi,
I noticed a discrepancy between the ALPINE Dockerfile and the project documentation regarding the CORS_HEADER_403_CONTENT_TYPE environment variable.
In nginx/Dockerfile-alpine, the value appears to be set differently at line 139: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/nginx/Dockerfile-alpine#L139
In the main Dockerfile, the corresponding value at line 137 is different: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/nginx/Dockerfile#L137
However, the README documents CORS_HEADER_403_CONTENT_TYPE as text/html: https://github.com/coreruleset/modsecurity-crs-docker/blob/main/README.md?plain=1#L249
This creates ambiguity about the expected default value, especially for users relying on the ALPINE image.
Expected behavior:
The ALPINE Dockerfile should match the documented default value, or the README should be updated to reflect the actual intended value.
Actual behavior:
The ALPINE Dockerfile uses a different value from the one documented in the README.
Impact:
This may lead to inconsistent behavior between image variants and confusion for users configuring CORS-related headers.
Would it be possible to align the ALPINE Dockerfile with the documentation, or clarify which value should be considered canonical?
Thanks!