X-Frame-Options in nginx to allow all domains

I'm using nginx as a reverse proxy for my website.

I want to be able to open my website in an iFrame from a chrome extension new tab html file.

For this, I need my nginx to set X-Frame-Options to allow all domains.

According to this answer, all domains is the default state if you don't set X-Frame-Options.

My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.

Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.

How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?

Mallika Khullar asked Nov 21 '17 05:11



2 Answers

Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:

proxy_hide_header X-Frame-Options; 

Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).

Mallika Khullar answered Sep 30 '22 17:09


add_header X-Frame-Options ""; did the trick for me in nginx 1.12.

Jonathan answered Sep 30 '22 17:09
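
The two answers above remove X-Frame-Options entirely, which leaves the site frameable by any origin. The following is an added example (not from either answer) that keeps the proxy_hide_header fix and limits framing to the site itself and one extension origin with the CSP frame-ancestors directive. The server_name, the upstream address and EXTENSION_ID are placeholders, and it assumes the upstream application does not send its own Content-Security-Policy header.

```nginx
# Added example, /etc/nginx/sites-available/default
# example.com, 127.0.0.1:3000 and EXTENSION_ID are placeholders.
server {
    listen 80;
    server_name example.com;

    location / {
        # Upstream application (assumed address) behind the reverse proxy.
        proxy_pass http://127.0.0.1:3000;

        # Strip the X-Frame-Options header that the upstream sends
        # (the SAMEORIGIN value visible in the response headers).
        # On its own, this allows framing from every origin.
        proxy_hide_header X-Frame-Options;

        # Re-introduce a framing policy that X-Frame-Options cannot express:
        # the site itself plus exactly one Chrome extension origin.
        # "always" attaches the header to error responses as well.
        add_header Content-Security-Policy
            "frame-ancestors 'self' chrome-extension://EXTENSION_ID" always;

        # Note: add_header directives from the server/http level are not
        # inherited once a location defines its own add_header, so any other
        # security headers set higher up must be repeated in this block.
    }
}
```

Check the syntax with nginx -t before reloading, then confirm in the response headers that X-Frame-Options is gone and the Content-Security-Policy header is present.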