X-Frame-Options in nginx to allow all domains

Mallika Khullar · Nov 21, 2017 · Viewed 40.4k times

I'm using nginx as a reverse proxy for my website.

I want to be able to open my website in an iFrame from a chrome extension new tab html file.

For this, I need my nginx to set X-Frame-Options to allow all domains.

According to this answer, all domains is the default state if you don't set X-Frame-Options.

My /etc/nginx/nginx.conf doesn't have the X-Frame-Options set anywhere.

Yet when I check my website response header using Postman, it shows me X-Frame-Options = SAMEORIGIN.

How can I remove this setting and load my website in an iFrame in the chrome new-tab .html file?

Answer

Mallika Khullar · Nov 21, 2017

Solved it by changing proxy_hide_header values in /etc/nginx/sites-available/default file like so:

proxy_hide_header X-Frame-Options;

Needed to restart nginx as well as use pm2 to restart my nodejs server (for some reason, it didn't work till I made a small change to my server and restarted it).
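
An added example, not part of the original answer or the poster's configuration: hiding X-Frame-Options with nothing in its place lets any origin frame the site, so this sketch pairs the same `proxy_hide_header` line with a `frame-ancestors` policy limited to the site itself and one extension. The upstream address, server name and `EXTENSION_ID_PLACEHOLDER` are assumed placeholders.

```nginx
# Added example. Assumed values (not from the original post):
#   127.0.0.1:3000            the Node.js upstream behind nginx
#   example.com               the site's server name
#   EXTENSION_ID_PLACEHOLDER  the ID of the Chrome extension that frames the site
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;

        # proxy_hide_header only affects headers sent by the proxied server,
        # so this drops an X-Frame-Options value set by the upstream app.
        proxy_hide_header X-Frame-Options;

        # Weak variant: stop here. With no framing header at all, every
        # origin may embed the site, which leaves it open to clickjacking.

        # Hardened variant: replace the hidden header with an explicit
        # allow-list of framing origins. "always" also sends it on error
        # responses (4xx/5xx), not only on successful ones.
        add_header Content-Security-Policy "frame-ancestors 'self' chrome-extension://EXTENSION_ID_PLACEHOLDER" always;

        # If the upstream sends its own Content-Security-Policy, browsers
        # enforce both policies together, so an upstream frame-ancestors
        # 'self' would still block the extension. In that case hide the
        # upstream policy here and carry its other directives in the
        # add_header line above:
        # proxy_hide_header Content-Security-Policy;
    }
}
```

Run `nginx -t` before reloading, then check the response headers again to confirm X-Frame-Options is gone and the Content-Security-Policy header is present. An `add_header` inside a `location` replaces any `add_header` directives inherited from the `server` or `http` level, so repeat those there if other security headers are set higher up.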