X-Frame-Options in nginx to allow all domains











up vote
5
down vote

favorite
3












I'm using nginx as a reverse proxy for my website.



I want to be able to open my website in an iFrame from a chrome extension new tab html file.



For this, I need my nginx to set X-Frame-Options to allow all domains.



According to this answer, all domains is the default state if you don't set X-Frame-Options.



My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.



Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.



How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?






nginx iframe server x-frame-options nginx-reverse-proxy







share|improve this question




























    up vote
    5
    down vote

    favorite
    3












    I'm using nginx as a reverse proxy for my website.



    I want to be able to open my website in an iFrame from a chrome extension new tab html file.



    For this, I need my nginx to set X-Frame-Options to allow all domains.



    According to this answer, all domains is the default state if you don't set X-Frame-Options.



    My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.



    Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.



    How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?






    nginx iframe server x-frame-options nginx-reverse-proxy







    share|improve this question


























      up vote
      5
      down vote

      favorite
      3









      up vote
      5
      down vote

      favorite
      3






      3





      I'm using nginx as a reverse proxy for my website.



      I want to be able to open my website in an iFrame from a chrome extension new tab html file.



      For this, I need my nginx to set X-Frame-Options to allow all domains.



      According to this answer, all domains is the default state if you don't set X-Frame-Options.



      My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.



      Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.



      How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?






      nginx iframe server x-frame-options nginx-reverse-proxy







      share|improve this question















      I'm using nginx as a reverse proxy for my website.



      I want to be able to open my website in an iFrame from a chrome extension new tab html file.



      For this, I need my nginx to set X-Frame-Options to allow all domains.



      According to this answer, all domains is the default state if you don't set X-Frame-Options.



      My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.



      Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.



      How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?






      nginx iframe server x-frame-options nginx-reverse-proxy




      nginx iframe server x-frame-options nginx-reverse-proxy






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 21 '17 at 5:14

























      asked Nov 21 '17 at 5:06









      Mallika

      4251826




      4251826
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          12
          down vote



          accepted










          Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:



          proxy_hide_header X-Frame-Options;


          Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).






          share|improve this answer

















          • 1




            Wish this was better documented though.
            – Mallika
            Nov 21 '17 at 6:03










          • I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
            – Ashit Vora
            May 1 at 6:24


















          up vote
          1
          down vote













          add_header X-Frame-Options ""; did the trick for me in nginx 1.12.






          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f47405597%2fx-frame-options-in-nginx-to-allow-all-domains%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            12
            down vote



            accepted










            Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:



            proxy_hide_header X-Frame-Options;


            Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).






            share|improve this answer

















            • 1




              Wish this was better documented though.
              – Mallika
              Nov 21 '17 at 6:03










            • I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
              – Ashit Vora
              May 1 at 6:24















            up vote
            12
            down vote



            accepted










            Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:



            proxy_hide_header X-Frame-Options;


            Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).






            share|improve this answer

















            • 1




              Wish this was better documented though.
              – Mallika
              Nov 21 '17 at 6:03










            • I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
              – Ashit Vora
              May 1 at 6:24













            up vote
            12
            down vote



            accepted







            up vote
            12
            down vote



            accepted






            Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:



            proxy_hide_header X-Frame-Options;


            Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).






            share|improve this answer












            Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:



            proxy_hide_header X-Frame-Options;


            Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 21 '17 at 6:01









            Mallika

            4251826




            4251826








            • 1




              Wish this was better documented though.
              – Mallika
              Nov 21 '17 at 6:03










            • I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
              – Ashit Vora
              May 1 at 6:24














            • 1




              Wish this was better documented though.
              – Mallika
              Nov 21 '17 at 6:03










            • I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
              – Ashit Vora
              May 1 at 6:24








            1




            1




            Wish this was better documented though.
            – Mallika
            Nov 21 '17 at 6:03




            Wish this was better documented though.
            – Mallika
            Nov 21 '17 at 6:03












            I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
            – Ashit Vora
            May 1 at 6:24




            I did that though not in default in the app-specific conf file and it didn't work. I have Cloudflare in front of the server, does that overwrite the header in anyway?
            – Ashit Vora
            May 1 at 6:24












            up vote
            1
            down vote













            add_header X-Frame-Options ""; did the trick for me in nginx 1.12.






            share|improve this answer



























              up vote
              1
              down vote













              add_header X-Frame-Options ""; did the trick for me in nginx 1.12.






              share|improve this answer

























                up vote
                1
                down vote










                up vote
                1
                down vote









                add_header X-Frame-Options ""; did the trick for me in nginx 1.12.






                share|improve this answer














                add_header X-Frame-Options ""; did the trick for me in nginx 1.12.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Nov 20 at 3:57

























                answered Nov 20 at 2:48









                Jonathan

                5,438145990




                5,438145990






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f47405597%2fx-frame-options-in-nginx-to-allow-all-domains%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Tonle Sap (See)

                    Image
                    Tonle Sap Satellitenfoto (April 1994) Geographische Lage Kambodscha Zuflüsse Tonle-Sap-Fluss, Siem Reap River Abfluss Tonle-Sap-Fluss Orte in der Nähe Siem Reap, Battambang Daten Koordinaten 12° 52′ 34″  N , 104° 4′ 23″  O 12.876 104.073 Koordinaten: 12° 52′ 34″  N , 104° 4′ 23″  O Höhe über Meeresspiegel f1 0,5 Meter Fläche 2.700–25.000 km² dep1 f5 Länge 250 km (maximal) dep1 f6 Breite 100 km (maximal) dep1 f7 Volumen 80 km³ (maximal) dep1 f8 Maximale Tiefe 14 m f10 Mittlere Tiefe 2–3 m (minimal) f11 Besonderheiten größter See Südostasiens Der Tonle-Sap-See (Khmer: បឹង​ទន្លេសាប , Aussprache: [ boeung tunleː saːp ]) in Kambodscha ist der größte See Südostasiens und eines der fischreichsten Binnengewässer der Erde. Inhaltsverzeichnis 1 Geographie 2 Wirtschaftliche Bedeutung 2.1 Verkehr 2.2 Reis 2.3 Fisch 3 Ökologie und Gefährdung 3.1 Überfischung...
                    Read more

                    I get strange results when I access the Sqlitedatabase with Unity C# via XAMPP

                    Image
                    0 <?php $servername = "localhost"; $username="root"; $password=""; $dbName="escape_room"; $user_username = $_POST['Input_user']; $user_password = $_POST['Input_pass']; $conn = new mysqli($servername, $username, $password, $dbName); if(!$conn){ die("Cound not Connect: " . mysqli_connect_error()); } $sql = "SELECT pass FROM escape_room WHERE user = '".$user_username."' "; $result = mysqli_query($conn, $sql); //Get the result and confirm login if(mysqli_num_rows($result)>0){ while($row = mysqli_fetch_assoc($result)){ if($row['pass'] == $user_password){ echo "login success"; ...
                    Read more

                    Guatemaltekische Davis-Cup-Mannschaft

                    Image
                    Guatemala Kapitän Anthony Vásquez Aktuelles ITF-Ranking 73 Statistik Erste Teilnahme 1990 Davis-Cup-Teilnahmen 22 Bestes Ergebnis Amerika-Gruppenzone II HF (1995, 2000, 2001) Ewige Bilanz 42:30 Erfolgreichste Spieler Meiste Siege gesamt Daniel Chávez Morales (29) Meiste Einzelsiege Cristian Paiz (21) Meiste Doppelsiege Daniel Chávez Morales (17) Bestes Doppel Jacobo Chávez / Daniel Chávez Morales (9) Meiste Teilnahmen Cristian Paiz (32) Meiste Jahre Daniel Chávez Morales (10) Letzte Aktualisierung der Infobox: 3. Juni 2012 Die guatemaltekische Davis-Cup-Mannschaft ist die Tennisnationalmannschaft Guatemalas. Geschichte | 1990 nahm Guatemala erstmals am Davis Cup teil. Das beste Resultat erreichte die Mannschaft jeweils 1995, 2000 und 2001 mit dem Halbfinale in der Amerika-Gruppenzone II. Bester Spieler ist Daniel Chávez Morales mit 29 Siegen bei insgesamt 31 Teilnahmen. Rekord...
                    Read more