2015-11-01

Nginx X-Frame-Options

I am using nginx 1.8.0 on CentOS 6.7, which serves a Ruby on Rails 4.2.3 application.

Problem:

I need to enable the iframe option for all domains, so I tried this:

X-Frame-Options: * 

Then when I check the headers, I see it twice, once as SAMEORIGIN and once as *. Here is the response:

HTTP/1.1 200 OK 
Server: nginx/1.8.0 
Date: Sun, 01 Nov 2015 15:48:32 GMT 
Content-Type: text/html; charset=utf-8 
Connection: keep-alive 
Status: 200 OK 
Strict-Transport-Security: max-age=31536000 
X-Frame-Options: SAMEORIGIN 
X-XSS-Protection: 1; mode=block 
X-Content-Type-Options: nosniff 
ETag: W/"d14b3de05fb18ebe4a94774c8f209e7f" 
Cache-Control: max-age=0, private, must-revalidate 
Set-Cookie: guess_locale=en; path=/; secure 
Set-Cookie: _admin_numgames_com_session=Y3N0QjR2NXY0VFlZMlVnMHJLZC9WbUVraldZYjhpeHo0UG41akpaZE1rb0tQWS9YeGpkcklTRmViUU5aVmJpUElCcWpMaFJWQmpIWHRSazI4TE9QdTgvQ2VVRGYrSW9VcjA4eWVCMVlsUHJRejR1WmNoQWZoL2hGeVA1ZHp5YWxPdFZ4S25ydEtTamVnbFlZMEhJRDdXalQ2MU93T24vWnR6b28wM0NvYS82Nm1XMGV2Njh4djIzR1RNb2w3WTVHUDM3cVl3NnVrQnJ1WTMyU3I4dVBjY3RORWRQSlk2VmhNVnRVelZRbHRVWT0tLU9DYVBIZUxoUXlLN2VmZ01VNEhab3c9PQ%3D%3D--fa2a9d6817b5464b82a2babd784ed098f2526eeb; path=/; secure; HttpOnly 
X-Request-Id: 4762503a-a9a8-41ce-b1a7-26269b7e9184 
X-Runtime: 0.963198 
X-Frame-Options: * 

I declared this option only once, so why do I see it twice? And how can I remove this option so that anyone can use my domain in an iframe?

Answer


OK, so I found the solution. The problem was that Rails was sending the header; I just needed to add this to the production.rb file:

config.action_dispatch.default_headers = { 
    'X-Frame-Options' => 'ALLOWALL' 
} 
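
A header audit for the situation in this thread, added here as an example and not part of the original question or answer: it collects every X-Frame-Options value from a response head and reports how a browser following the HTML Standard's X-Frame-Options check would treat framing. The sample response is constructed from the one in the question (cookies omitted), the function names are hypothetical, and the check ignores any CSP frame-ancestors directive.

```ruby
# Added example: audit a raw HTTP response head for X-Frame-Options problems.
# SAMPLE is constructed from the response shown in the question.
SAMPLE = <<~HTTP
  HTTP/1.1 200 OK
  Server: nginx/1.8.0
  Content-Type: text/html; charset=utf-8
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  X-Frame-Options: *
HTTP

# Tokens that carry meaning in the HTML Standard's X-Frame-Options check.
KNOWN = %w[deny sameorigin allowall].freeze

# Collect every X-Frame-Options value, across repeated header lines and
# comma-separated lists, lowercased and de-duplicated.
def xfo_values(raw_head)
  raw_head.lines.flat_map do |line|
    name, value = line.chomp.split(":", 2)
    next [] unless value && name.strip.casecmp?("x-frame-options")
    value.split(",").map { |v| v.strip.downcase }.reject(&:empty?)
  end.uniq
end

# Returns :blocked, :same_origin_only or :no_restriction.
def framing_verdict(values)
  if values.size > 1
    # Conflicting values: blocked if any recognised token is present;
    # if every value is invalid the header is treated as absent.
    return (values & KNOWN).empty? ? :no_restriction : :blocked
  end
  case values.first
  when "deny" then :blocked
  when "sameorigin" then :same_origin_only
  else :no_restriction # absent, or one unrecognised value such as "*"
  end
end

def audit(raw_head)
  values = xfo_values(raw_head)
  { values: values, duplicate: values.size > 1, verdict: framing_verdict(values) }
end

p audit(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

For the response in the question, the two conflicting values yield :blocked, while a single ALLOWALL, as set in the answer, is not a restricting value and yields :no_restriction.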