Hello,

i have two locations defined in my nginx config:

server {

.....

rewrite ^/index\.php/?(.*)$ /$1 permanent;

location /widget/ {
index index.php;
try_files $uri @rewritewidget;
#
}

location / {
add_header X-Frame-Options SAMEORIGIN;
index index.php;
try_files $uri @rewriteapp;
}

location @rewritewidget {
rewrite ^(.*)$ /widget/index.php/$1 last;
}

location @rewriteapp {
rewrite ^(.*)$ /index.php/$1 last;
}

the idea is that i have 2 entry points, that are using rewrite module. first entry point - is website ("/"), it should send "X-Frame-Options SAMEORIGIN" header. second - widget - is displaying widgets, that should be accessible with iframe tags.

If i add " X-Frame-Options SAMEORIGIN;" to "server" context - it works for whole website (including widgets). if i add " X-Frame-Options SAMEORIGIN;" to "location /" it doesn't work.

Could you please advice me how i can fix this? What i'm doing wrong?

Thanks in advance!