From 993310641ae4ac85129596d89674504e5d9628f3 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@gmail.com>
Date: Tue, 20 Aug 2019 10:35:16 +0200
Subject: [PATCH] Fix "always" management in add_header directive

---
 templates/etc/nginx/sites-available/_base.j2 | 2 +-
 vars/main.yml                                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index dd7eb5e..72d384d 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -106,7 +106,7 @@ server {
 {% block template_headers %}
 	# --> Custom headers
 {% for key, value in __headers.iteritems() %}
-	add_header {{ key }} "{{ value }}";
+	add_header {{ key }} "{{ value | regex_replace('\s+always$', '') }}"{% if value | regex_search('\s+always$') %} always{% endif %};
 {% endfor %}
 	# <-- Custom headers
 {% endblock %}
diff --git a/vars/main.yml b/vars/main.yml
index 5678fcf..3d7a7aa 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -46,6 +46,6 @@ nginx_templates_no_dir:
 nginx_servers_default_headers:
   'X-Frame-Options': 'DENY always'
   'X-Content-Type-Options': 'nosniff always'
-  'X-XSS-Protection': '1; mode=block'
+  'X-XSS-Protection': '1; mode=block always'
 
 nginx_acmesh_bin: "{{ nginx_acmesh_dir }}/acme.sh"