Nginx as reverse Proxy, remove X-Frame-Options header

Maxim Dounin mdounin at mdounin.ru
Thu Jan 9 11:57:32 UTC 2014


Hello!

On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:

> On 9 January 2014 10:03, basti <black.fledermaus at arcor.de> wrote:
> > Hello,
> >
> > I have a closed-source Webapp that run on an IIS-Webserver and send a
> > "X-Frame-Options: SAMEORIGIN" header.
> > I also have to implement this Webapp in my own, Frame based Application.
> >
> > So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> > is still send.
> > How can I remove his header?
> > I have try "proxy_hide_header X-Frame-Options;" without success.
> 
> You'll find the answer in the documentation:
> http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header

The X-Frame-Options header is returned by a server-side 
application, hence the proxy_hide_header is correct solution, 
while proxy_set_header isn't.

And, being pedantic, wiki != documentation.  Here are 
links to the documentation:

http://nginx.org/r/proxy_set_header
http://nginx.org/r/proxy_hide_header

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list