Refused to display 'http://www.***.com/org/***' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 触发原因：页面的返回头被设置 X-Frame-Options SAMEORIGIN ，只能被同源的iframe 引用。跨域名的iframe 没法显示了。

nginx 在 http://www.

***.com/org/ location下增加      

proxy_hide_header X-Frame-Options;

     add_header X-Frame-Options "ALLOW-FROM https://www.***.com/" always;

即可

server location 配置

location / {

     proxy_pass ​ ​http://192.168.0.206​​;

     proxy_hide_header Vary;

     proxy_hide_header X-Powered-By;

     proxy_hide_header X-Frame-Options;

     add_header X-Frame-Options "ALLOW-FROM ​ ​http://​​www.***.com:8181" always;

}

​

​

server {
listen 8100;
server_name localhost;
location / {
proxy_pass http://128.1.8.206;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host:8100;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOW-FROM http://128.1.8.103:8100/" always;
#add_header Content-Security-Policy "frame-ancestors 128.1.8.103" always;
#add_header X-Frame-Options "ALLOW-FROM 128.1.8.103";
}
}

nginx 跨域问题
跨域问题有两种解决方法，

让开发自己修改代码解决跨域问题
修改nginx配置解决跨域问题
这里是记录了nginx的解决方式
后端服务调用报错跨域问题，为解决跨域问题，在网上搜索一大坨跨域解决方案，可以先都粘过去，后面慢慢删挑选正确的跨域问题

        proxy_set_header Cookie $http_cookie;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_hide_header X-Frame-Options;
        add_header X-Frame-Options ALLOWALL;
        add_header Access-Control-Allow-Origin *; 
        add_header Access-Control-Allow-Headers *; 
        proxy_cookie_domain remote localhost;  
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        ignore_invalid_headers off;
        proxy_set_header Host $host;
        real_ip_recursive on;
        keepalive_timeout  65;

​