Hello!

On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:

> On 9 January 2014 10:03, basti <black.fledermaus@arcor.de> wrote:
> > Hello,
> >
> > I have a closed-source Webapp that run on an IIS-Webserver and send a
> > "X-Frame-Options: SAMEORIGIN" header.
> > I also have to implement this Webapp in my own, Frame based Application.
> >
> > So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> > is still send.
> > How can I remove his header?
> > I have try "proxy_hide_header X-Frame-Options;" without success.
>
> You'll find the answer in the documentation:
> http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header

The X-Frame-Options header is returned by a server-side
application, hence the proxy_hide_header is correct solution,
while proxy_set_header isn't.

And, being pedantic, wiki != documentation. Here are
links to the documentation:

http://nginx.org/r/proxy_set_header
http://nginx.org/r/proxy_hide_header

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx