On 25/01/2014 07:51, wishmaster wrote:
> --- Original message ---
> From: "Some Developer" <someukdeveloper@gmail.com>
> Date: 25 January 2014, 06:04:10
>
>> I'm running Nginx 1.4.4 on Ubuntu 12.04 and have added the X-Frame-Options header for one of my sites but in testing it appears that Nginx includes this itself in addition to user configured headers. Basically I want X-Frame-Options to be DENY but when I set that header Nginx also sends an X-Frame-Options SAMEORIGIN header so that there are two X-Frame-Options headers in every request.
>>
>> Is there some way to disable the extra header? I can't find anything in my configuration that would add the second header.
> May by this is the header, has been set by your php-application?
> You can remove this with help of module http://wiki.nginx.org/HttpHeadersMoreModule
>
I don't actually use PHP but your response lead me to an answer.
Apparently Django sets some headers so it looks like I need to disable
it there. Thanks!
Seems a bit strange to me that an application framework sets HTTP
headers. Surely this should be left to the HTTP server? What are other
peoples opinions on this?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx