On 25/01/2014 07:51, wishmaster wrote:
--- Original message ---
From: "Some Developer" <someukdevelo...@gmail.com>
Date: 25 January 2014, 06:04:10
I'm running Nginx 1.4.4 on Ubuntu 12.04 and have added the X-Frame-Options
header for one of my sites but in testing it appears that Nginx includes this
itself in addition to user configured headers. Basically I want X-Frame-Options
to be DENY but when I set that header Nginx also sends an X-Frame-Options
SAMEORIGIN header so that there are two X-Frame-Options headers in every
request.
Is there some way to disable the extra header? I can't find anything in my
configuration that would add the second header.
May by this is the header, has been set by your php-application?
You can remove this with help of module
http://wiki.nginx.org/HttpHeadersMoreModule
I don't actually use PHP but your response lead me to an answer.
Apparently Django sets some headers so it looks like I need to disable
it there. Thanks!
Seems a bit strange to me that an application framework sets HTTP
headers. Surely this should be left to the HTTP server? What are other
peoples opinions on this?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
