Config for X-Frame-Options for the web

Config for X-Frame-Options for the web
Config for X-Frame-Options for the web

Because of security reasons, so some web servers or web frameworks will make request/response headers to be rejected, which is DENY, which means it doesn’t allow the embeded iframe on to the web.

However, in some case, we still need to use iframe, ex. from the same domain, with image uploading on TinyMCE (this is very popular on WordPress anyway).

We need to config the web server to allow from SAMEORIGIN or ALLOW_URL instead of DENY.

On nginx server, check the config file /etc/nginx/nginx.conf and all the files that it includes, remove or update this part:

add_header X-Frame-Options DENY;

It could be in the file /etc/nginx/snippets/ssl-params.conf if you setup the SSL.

Restart the server.

Ensuring that web server config has updated for the part, but problem persists, then it should be the web frameworks, check out any place that it can send this header and update.