Nginx as reverse Proxy, remove X-Frame-Options header

Maxim Dounin mdounin at mdounin.ru
Thu Jan 9 12:48:56 UTC 2014


Hello!

On Thu, Jan 09, 2014 at 12:12:09PM +0000, Jonathan Matthews wrote:

> On 9 January 2014 11:57, Maxim Dounin <mdounin at mdounin.ru> wrote:
> > Hello!
> >
> > On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:
> >
> >> On 9 January 2014 10:03, basti <black.fledermaus at arcor.de> wrote:
> >> > Hello,
> >> >
> >> > I have a closed-source Webapp that runs on an IIS-Webserver and sends a
> >> > "X-Frame-Options: SAMEORIGIN" header.
> >> > I also have to implement this Webapp in my own, Frame based Application.
> >> >
> >> > So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> >> > is still sent.
> >> > How can I remove this header?
> >> > I have tried "proxy_hide_header X-Frame-Options;" without success.
> >>
> >> You'll find the answer in the documentation:
> >> http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header
> >
> > The X-Frame-Options header is returned by a server-side
> > application, hence proxy_hide_header is the correct solution,
> > while proxy_set_header isn't.
> 
> My bad. I was pretty sure I'd had success with 'set foo ""' where
> 'hide' hadn't worked in the past.
> 
> > And, being pedantic, wiki != documentation.  Here are
> > links to the documentation:
> >
> > http://nginx.org/r/proxy_set_header
> > http://nginx.org/r/proxy_hide_header
> 
> Ack that. I'll personally keep linking to the wiki until the documentation
> 
> * is significantly better internally hyper-linked;
> * has documentation targeted solely towards the open source nginx,
> without having to skip to the end of each directive to check for "This
> functionality is available as part of our commercial subscription
> only";
> * has useful pages such as IfIsEvil integrated into it.
> 
> I may be wrong about that third one still needing doing, but I
> couldn't find IfIsEvil anywhere but the wiki. The presence of a
> top-level pointer on each wiki page to http://nginx.org/en/docs/ is
> pretty useless, too - it needs to point to the appropriate place in
> the docs to get people to start using them.
> 
> Didn't you guys pick up several millions a while ago, which was
> announced as being somewhat earmarked for improving documentation? :-)

And that's why we actually have the documentation in English.  :)
Additionally, compared to what we had previously it is already 
significantly improved.

As I already explained, the problem with wiki pages which 
duplicate documentation is bit rot.  There are lots of 
improvements in the documentation which aren't in the wiki, most 
obviously - there are no new directives.  And this bit rot confuses 
people more and more.

The generic plan is to avoid the duplication altogether, 
preserving wiki for useful additional content.

-- 
Maxim Dounin
http://nginx.org/
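
The distinction drawn in the thread, as an added configuration example that is not part of the original message: `proxy_hide_header` filters a header out of the upstream's response, while `proxy_set_header` only changes the request nginx sends to the upstream. The server name, upstream address and framing origin are placeholders, and the `add_header` line that limits framing to one origin is an assumption about what such a deployment would want, not something the thread discusses.

```nginx
# Added example; every name and address below is a placeholder.
server {
    listen 80;
    server_name portal.example.com;        # placeholder proxy host name

    location / {
        # Placeholder address for the upstream IIS application.
        proxy_pass http://192.0.2.10;

        # Response side: do not pass the X-Frame-Options header that the
        # upstream application returns on to the client.
        proxy_hide_header X-Frame-Options;

        # Request side: proxy_set_header redefines or appends fields in the
        # request nginx sends TO the upstream. It has no effect on headers
        # in the upstream's response, so it cannot remove X-Frame-Options.
        proxy_set_header Host $host;

        # Assumption: with X-Frame-Options gone, any site could frame the
        # application. Limit framing to the one origin that hosts the
        # frame-based application (placeholder origin). "always" makes
        # nginx add the header regardless of response code.
        add_header Content-Security-Policy "frame-ancestors https://frames.example.com" always;
    }
}
```

Checking the response headers through the proxy, for example with `curl -sI`, shows whether the upstream header is still being passed.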


