Refused to display 'http://www.***.com/org/***' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 触发原因:页面的返回头被设置 X-Frame-Options SAMEORIGIN ,只能被同源的iframe 引用。跨域名的iframe 没法显示了。
nginx 在 http://www.
***.com/org/ location下增加
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOW-FROM https://www.***.com/" always;
即可
server location 配置
location / {
proxy_pass http://192.168.0.206;
proxy_hide_header Vary;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOW-FROM http://www.***.com:8181" always;
}
server {
listen 8100;
server_name localhost;
location / {
proxy_pass http://128.1.8.206;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host:8100;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOW-FROM http://128.1.8.103:8100/" always;
#add_header Content-Security-Policy "frame-ancestors 128.1.8.103" always;
#add_header X-Frame-Options "ALLOW-FROM 128.1.8.103";
}
}
nginx 跨域问题 跨域问题有两种解决方法, 让开发自己修改代码解决跨域问题 修改nginx配置解决跨域问题 这里是记录了nginx的解决方式 后端服务调用报错跨域问题,为解决跨域问题,在网上搜索一大坨跨域解决方案,可以先都粘过去,后面慢慢删挑选正确的跨域问题 proxy_set_header Cookie $http_cookie; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_hide_header X-Frame-Options; add_header X-Frame-Options ALLOWALL; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers *; proxy_cookie_domain remote localhost; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; ignore_invalid_headers off; proxy_set_header Host $host; real_ip_recursive on; keepalive_timeout 65;