
I added this to my config:
add_header X-Frame-Options "ALLOW-FROM http://167.235.117.189" always;. But Chrome says that there are two "X-Frame-Options" set. I searched with grep in my entire /etc/nginx directory but it only found the one I set. Can anybody help me?

2

Answers


  1. Chosen as BEST ANSWER

    I added this: fastcgi_hide_header X-Frame-Options; to my route config


  2. Different browsers may treat this differently. ALLOW-FROM has limited support outside IE. I would suggest using the Content-Security-Policy header instead. Set the value to "frame-ancestors 'self' 167.235.117.189" if your current X-Frame-Options values are SAMEORIGIN and the IP. When the frame-ancestors directive is present, X-Frame-Options will be ignored and you can allow both sources.

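Added example (not code from either answer): a small audit of the framing headers a browser actually receives, which shows the duplicate that grep over /etc/nginx cannot find because the second X-Frame-Options comes from the FastCGI application, not from nginx. The two response heads are constructed samples, the SAMEORIGIN value from the backend is assumed from the second answer, and the function names are illustrative.

```python
from collections import defaultdict

def parse_headers(raw: str) -> dict:
    """Return {lowercased-name: [values, ...]}, keeping repeated headers."""
    headers = defaultdict(list)
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return headers

def frame_ancestors(headers: dict):
    """Return the frame-ancestors source list from a CSP header, or None."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def audit_framing(raw: str) -> list:
    """List framing-header problems found in one raw response head."""
    headers = parse_headers(raw)
    xfo = headers.get("x-frame-options", [])
    findings = []
    if len(xfo) > 1:
        findings.append(f"duplicate X-Frame-Options: {xfo}")
    if any(v.upper().startswith("ALLOW-FROM") for v in xfo):
        findings.append("ALLOW-FROM used; limited browser support")
    sources = frame_ancestors(headers)
    if sources is None:
        findings.append("no CSP frame-ancestors directive")
    elif any(s[0] in "\u2018\u2019\u201c\u201d" for s in sources):
        findings.append("curly quotes in frame-ancestors; use ASCII quotes")
    return findings

# Constructed sample: the FastCGI app and nginx add_header each send the header.
BEFORE = ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
          "X-Frame-Options: SAMEORIGIN\n"
          "X-Frame-Options: ALLOW-FROM http://167.235.117.189\n\n")
# Constructed sample: upstream header hidden, CSP frame-ancestors set instead.
AFTER = ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
         "Content-Security-Policy: frame-ancestors 'self' 167.235.117.189\n\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_framing(raw) or "ok")
```

To audit a live site, paste the response head from the browser's network panel or from curl -sI in place of the samples.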