nginx - Handling "Refused to display 'url'... in a frame because it set 'X-Frame-Options' to 'sameorigin'."

References: https://stackoverflow.com/questions/30731290/how-to-set-x-frame-options-allow-from-in-nginx-correctly

  https://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe

Today I ran into a problem: when a parent page (a.com) embeds a child page (b.com) in an iframe, the page is blank, and what is shown is:

Refused to display 'url'... in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Cause: the child page's response did not return the relevant header.

Solution:

In the nginx configuration for the child page, add:

      location ~ ^/(images|javascripts|stylesheets|upload|assets|video)/  {
        root /mnt/www/your-project/public;
        expires 30d;
        add_header Cache-Control public;
        add_header ETag "";
        add_header X-Frame-Options "allow-from http://a.com";  # a.com is the parent page
      }

Also, for Chrome, you may need to return one more header (reference: https://stackoverflow.com/questions/30731290/how-to-set-x-frame-options-allow-from-in-nginx-correctly):

      add_header Content-Security-Policy "frame-ancestors a.com";
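
How the two headers above combine in a current browser can be checked with a small model. This is an added example, not part of the original post: `origin`, `source_matches`, `framing_allowed` and the `SAMPLE` headers are hypothetical names and constructed values. It assumes one value per header and a simplified form of CSP source matching.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SAMPLE = {"X-Frame-Options": "allow-from http://a.com", "Content-Security-Policy": "frame-ancestors a.com"}  # constructed

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    return u.scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme)

def source_matches(src, parent, child):
    """Simplified CSP source match for frame-ancestors (no IPv6, no path part)."""
    p_scheme, p_host, p_port = parent
    if src == "*":
        return True
    if src.lower() == "'self'":
        return parent == child
    scheme, sep, rest = src.lower().rpartition("://")
    if not sep and rest.endswith(":"):      # scheme-source such as "https:"
        return p_scheme == rest[:-1]
    # Without a scheme the source inherits the framed page's scheme; http also admits https.
    want = scheme or child[0]
    if p_scheme != want and not (want == "http" and p_scheme == "https"):
        return False
    host, _, port = rest.partition(":")
    if port not in ("", "*") and int(port) != p_port:
        return False
    if port == "" and p_port != DEFAULT_PORTS.get(p_scheme):
        return False
    if host.startswith("*."):
        return p_host.endswith(host[1:])    # "*.a.com" covers subdomains only
    return p_host == host

def framing_allowed(headers, parent_url, child_url):
    """Return (allowed, deciding_header) for parent_url framing child_url."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    parent, child = origin(parent_url), origin(child_url)
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # When frame-ancestors is present, X-Frame-Options is ignored.
            ok = any(source_matches(s, parent, child) for s in parts[1:])
            return ok, "Content-Security-Policy"
    xfo = h.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return False, "X-Frame-Options"
    if xfo == "SAMEORIGIN":
        return parent == child, "X-Frame-Options"
    # ALLOW-FROM is not recognised by current Chrome or Firefox: the header is ignored.
    return True, None
```

With only `allow-from` set, the model returns `(True, None)` for any parent origin, so the `frame-ancestors` header is the one that actually limits framing to a.com.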
