I want to allow a simple script on main domain to request a sub-domain, but due to CORS restrictions access is not allowed by any browser.
I tried several solutions but I really could not figured out ... and always failing.
To make it clear a simple javascript is used on main domain to show in an iframe latest posts from the forum which is on a subdomain.
in /etc/nginx/nginx.conf delete line:
more_set_headers "X-Frame-Options : SAMEORIGIN";
then run service nginx reload
Thanks for the answer.
I followed a similar solution, with the added benefit it will not break in a future update.
I added a new .conf file on the subdomain's nginx directory:
/var/www/subdomain.domain.com/conf/nginx
with only this line:
more_set_headers "X-Frame-Options : domain.com";
It did worked fine.
seo1970
How did you manage to achieve this? I tried this but it still doesn't allow iframe source from my subdomain, complains about SAMEORIGIN.
And what was exact format? Is it
more_set_headers "X-Frame-Options : domain.com"; or
more_set_headers "X-Frame-Options : ALLOW-FROM domain.com";
Is this the correct approach to disable
more_set_headers "X-Frame-Options : SAMEORIGIN"; in /etc/nginx/nginx.conf file and then add
more_set_headers "X-Frame-Options : ALLOW-FROM domain.com"; per individual site?
Hosted by VirtuBox
