Nginx as reverse Proxy, remove X-Frame-Options header
nano
nanotek at bsdbox.co
Thu Jan 9 12:24:03 UTC 2014
On 9/01/2014 11:12 PM, Jonathan Matthews wrote:
> On 9 January 2014 11:57, Maxim Dounin <mdounin at mdounin.ru> wrote:
>> Hello!
>>
>> On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:
>>
>>> On 9 January 2014 10:03, basti <black.fledermaus at arcor.de> wrote:
>>>> Hello,
>>>>
>>>> I have a closed-source Webapp that run on an IIS-Webserver and send a
>>>> "X-Frame-Options: SAMEORIGIN" header.
>>>> I also have to implement this Webapp in my own, Frame based Application.
>>>>
>>>> So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
>>>> is still send.
>>>> How can I remove his header?
>>>> I have try "proxy_hide_header X-Frame-Options;" without success.
>>>
>>> You'll find the answer in the documentation:
>>> http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header
>>
>> The X-Frame-Options header is returned by a server-side
>> application, hence the proxy_hide_header is correct solution,
>> while proxy_set_header isn't.
>
> My bad. I was pretty sure I'd had success with 'set foo ""' where
> 'hide' hadn't worked in the past.
>
>> And, being pedantic, wiki != documentation. Here are
>> links to the documentation:
>>
>> http://nginx.org/r/proxy_set_header
>> http://nginx.org/r/proxy_hide_header
>
> Ack that. I'll personally keep linking to the wiki until the documentation
>
> * is significantly better internally hyper-linked;
> * has documentation targeted soley towards the open source nginx,
> without having to skip to the end of each directive to check for "This
> functionality is available as part of our commercial subscription
> only";
> * has useful pages such as IfIsEvil integrated into it.
>
> I may be wrong about that third one still needing doing, but I
> couldn't find IfIsEvil anywhere but the wiki. The presence of a
> top-level pointer on each wiki page to http://nginx.org/en/docs/ is
> pretty useless, too - it needs to point to the appropriate place in
> the docs to get people to start using them.
>
> Didn't you guys pick up several millions a while ago, which was
> announced as being somewhat earmarked for improving documentation? :-)
>
> </rant>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
I share your opinion regarding nginx documentation. It is woeful.
Particularly when compared to other exemplary open source projects, such
as Postfix and FreeBSD. My inability to easily transfer my webservers to
nginx from Apache, due to (my own shortcomings compounded by) terribly
inadequate documentation, nearly made the transition impossible. Insult
was only added to injury when, after transferring some sites to the
recommended nginx, I found very little performance enhancement.
Admittedly, I am most probably not properly utilizing the application
and will only see improvements when my own abilities allow it.
Nevertheless, the documentation needs work. It is prudent to accommodate
less technically aware users.
--
syn.bsdbox.co
More information about the nginx
mailing list