Nginx as reverse Proxy, remove X-Frame-Options header
Maxim Dounin
mdounin at mdounin.ru
Thu Jan 9 11:57:32 UTC 2014
Hello!
On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:
> On 9 January 2014 10:03, basti <black.fledermaus at arcor.de> wrote:
> > Hello,
> >
> > I have a closed-source Webapp that run on an IIS-Webserver and send a
> > "X-Frame-Options: SAMEORIGIN" header.
> > I also have to implement this Webapp in my own, Frame based Application.
> >
> > So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> > is still send.
> > How can I remove his header?
> > I have try "proxy_hide_header X-Frame-Options;" without success.
>
> You'll find the answer in the documentation:
> http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header
The X-Frame-Options header is returned by a server-side
application, hence the proxy_hide_header is correct solution,
while proxy_set_header isn't.
And, being pedantic, wiki != documentation. Here are
links to the documentation:
http://nginx.org/r/proxy_set_header
http://nginx.org/r/proxy_hide_header
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list