Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Shcherbakov2017-04-17 07:53:09
Nginx
Dmitry Shcherbakov, 2017-04-17 07:53:09

Nginx + webvisor.com (Yandex.Metrica webvisor) and X-Frame-Options: SAMEORIGIN, how to enable?

Help set up Nginx so that the Yandex.Metrica Webvisor works.
The site works through the https protocol.

Here is the site config

server {
  listen 80;
  listen [::]:80;
  server_name site.ru www.site.ru;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  include snippets/ssl-params.conf;

  root /var/www/site/current/public;
  index index.php index.html index.htm;

  server_name site.ru www.site.ru;

  ssl_certificate /etc/letsencrypt/live/site.ru/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site.ru/privkey.pem;

  client_body_buffer_size 16k;
  client_header_buffer_size 2k;
  client_max_body_size 10m;
  large_client_header_buffers 3 4k;

  reset_timedout_connection on;
  client_body_timeout 10s;
  client_header_timeout 10s;
  send_timeout 5s;

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    fastcgi_index index.php;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    try_files $uri /index.php =404;

    # With php7.0-cgi alone:
    # fastcgi_pass 127.0.0.1:9000;
    # With php7.0-fpm:
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 32k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
  }

  location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
  }
}


There are entries in ssl-params.conf

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

It is because of this entry add_header X-Frame-Options SAMEORIGIN; The webvisor does not want to work, I found a solution on the Internet not to add this header for the site itself and the webvisor, but nothing happened.
Has anyone come across this before and solved it?
UPDATE: 12/21/2019 The solution is here , thanks to Michael

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
B
braindev2021-12-18 13:46:42
Opening site only by domain name in IspManager 6? 2Reply
V
VA2016-05-17 18:07:03
Optimal setup of 2 sites (back-apache, front-nginx)? 1Reply
C
celsoft2018-10-18 16:36:46
Config apache + nginx for loaded project? 4Reply
S
sokol12016-05-20 11:38:07
How to set up nginx proxying according to the scheme user id=resource? 1Reply
A
Alex Lapikov2021-12-21 20:59:49
How to restrict file download via direct link? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question