Nginx " X-Frame-Options" set to two values

73 Views Asked by IkonoDim At 11 February 2024 at 19:15

I added this to my config: add_header X-Frame-Options "ALLOW-FROM http://167.235.117.189" always;. But Chrome says that there are two "X-Frame-Options" set. I searched with grep in my entire /etc/nginx directory but it only found the one I set. Can anybody help me?

Original Q&A

There are 2 best solutions below

IkonoDim On 12 February 2024 at 01:21 BEST ANSWER

I added this: fastcgi_hide_header X-Frame-Options; to my route config

Halvor Sakshaug On 13 February 2024 at 08:36

Different browser may treat this differently. ALLOW-FROM has limited support outside IE. I would suggest to use the Content-Security-Policy header instead. Set the value to "frame-ancestors 'self' 167.235.117.189" if your current X-Frame-Options values are SAMEORIGIN and the ip. When the frame-ancestors directive is present X-Frame-Options will be ignored and you can allow both sources.

Nginx " X-Frame-Options" set to two values

There are 2 best solutions below

Related Questions in HTTP

Related Questions in NGINX

Related Questions in IFRAME

Related Questions in X-FRAME-OPTIONS

Trending Questions

Popular # Hahtags

Popular Questions