Skip to content Skip to sidebar Skip to footer
Home / Html / Pound

How To Use A Reverse Proxy To Get Around X-Frame-Options: SAMEORIGIN For Iframe

Post a Comment
I am struggling to get around X-Frame-Options: SAMEORIGIN restriction on some pages so I can put them in an iframe. I understand that one can use a reverse proxy server to get aro

Solution 1:

This nginx config code below might work for you. It hides the 'x-frame-options' from the client.

server {
  listen 80;
  server_name my-lobby-app.com;

  location / {
    proxy_pass  http://other-site.com
    proxy_set_header Host other-site.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_hide_header 'x-frame-options';
  }
}

Solution 2:

If you want to add an explicit allowall, you have to hide whatever header is coming from the service and add your own:

server {
  listen 80;
  server_name my-lobby-app.com;

  location / {
    proxy_pass  http://other-site.com
    proxy_set_header Host other-site.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_hide_header 'x-frame-options';
    proxy_set_header x-frame-options allowall;
  }
}

Post a Comment for "How To Use A Reverse Proxy To Get Around X-Frame-Options: SAMEORIGIN For Iframe"