Where is X-FRAME-OPTIONS: DENY coming from on Django site via nginx?

白昼怎懂夜的黑 submitted on 2020-01-04 06:12:21

Question


My Django site uses django-summernote in iframes, and is throwing this error:

Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'http://example.com/summernote/editor/id_comment_text/'. Falling back to 'DENY'.

I can't figure out where the DENY is coming from.

In my Django project settings I have:

MIDDLEWARE_CLASSES = (
    ...
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ...
)

which: "By default, the middleware will set the X-Frame-Options header to SAMEORIGIN for every outgoing HttpResponse."

I also added this in my nginx.conf (from here):

add_header X-Frame-Options SAMEORIGIN;

Other possibly relevant info: The problem arose when I upgraded my server from Ubuntu 14.04 to 16.04, and my project's virtual environment from Python 3.4 to Python 3.5. The versions of Django and django-summernote are still the same.

How do I find the source of this DENY setting?


Answer 1:


In my case the issue was in the file: /etc/nginx/snippets/ssl-params.conf

Just had to comment out: add_header X-Frame-Options DENY;
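
One way to locate such a stray directive, as an added example that is not part of the original question or answer: a small scanner that starts at the main nginx config, follows `include` lines, and lists every active `add_header X-Frame-Options` with its file and line. The function names are hypothetical, the config tree is constructed sample data, and it assumes one directive per line and no `#` inside quoted values.

```python
import glob
import os
import re
import tempfile

XFO = re.compile(r'^\s*add_header\s+X-Frame-Options\s+"?([\w-]+)', re.I)
INCLUDE = re.compile(r'^\s*include\s+([^;]+);')


def find_xfo(conf, prefix=None, seen=None):
    """Hypothetical helper: return [(file, line_no, value)] for every active
    add_header X-Frame-Options reachable from conf via include directives."""
    prefix = prefix or os.path.dirname(os.path.abspath(conf))
    seen = set() if seen is None else seen
    if conf in seen:
        return []
    seen.add(conf)
    hits = []
    with open(conf) as fh:
        for no, line in enumerate(fh, 1):
            line = line.split("#", 1)[0]  # ignore comments and commented-out directives
            m = XFO.match(line)
            if m:
                hits.append((conf, no, m.group(1).upper()))
            inc = INCLUDE.match(line)
            if inc:
                # relative include paths are resolved against the config prefix
                pattern = os.path.join(prefix, inc.group(1).strip())
                for path in sorted(glob.glob(pattern)):
                    hits += find_xfo(path, prefix, seen)
    return hits


def conflicting(hits, app_value="SAMEORIGIN"):
    """Directives whose value differs from the one the Django middleware sends."""
    return [h for h in hits if h[2] != app_value]


def demo():
    # Constructed sample tree mirroring the layout in the question and answer.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "snippets"))
    with open(os.path.join(root, "nginx.conf"), "w") as fh:
        fh.write("server {\n  include snippets/ssl-params.conf;\n"
                 "  add_header X-Frame-Options SAMEORIGIN;\n}\n")
    with open(os.path.join(root, "snippets", "ssl-params.conf"), "w") as fh:
        fh.write("# constructed hardening snippet\n"
                 "add_header X-Frame-Options DENY;\n")
    return root, find_xfo(os.path.join(root, "nginx.conf"))
```

On a real server the starting file would be the main config (for example `/etc/nginx/nginx.conf`), and `nginx -T` prints the fully merged configuration for a manual check.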



Source: https://stackoverflow.com/questions/40701256/where-is-x-frame-options-deny-coming-from-on-django-site-via-nginx
