Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Shcherbakov2017-04-17 07:53:09
Nginx
Dmitry Shcherbakov, 2017-04-17 07:53:09

Nginx + webvisor.com (Yandex.Metrica webvisor) and X-Frame-Options: SAMEORIGIN, how to enable?

Help set up Nginx so that the Yandex.Metrica Webvisor works.
The site works through the https protocol.

Here is the site config

server {
  listen 80;
  listen [::]:80;
  server_name site.ru www.site.ru;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  include snippets/ssl-params.conf;

  root /var/www/site/current/public;
  index index.php index.html index.htm;

  server_name site.ru www.site.ru;

  ssl_certificate /etc/letsencrypt/live/site.ru/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site.ru/privkey.pem;

  client_body_buffer_size 16k;
  client_header_buffer_size 2k;
  client_max_body_size 10m;
  large_client_header_buffers 3 4k;

  reset_timedout_connection on;
  client_body_timeout 10s;
  client_header_timeout 10s;
  send_timeout 5s;

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    fastcgi_index index.php;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    try_files $uri /index.php =404;

    # With php7.0-cgi alone:
    # fastcgi_pass 127.0.0.1:9000;
    # With php7.0-fpm:
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 32k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
  }

  location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
  }
}


There are entries in ssl-params.conf

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

It is because of this entry add_header X-Frame-Options SAMEORIGIN; The webvisor does not want to work, I found a solution on the Internet not to add this header for the site itself and the webvisor, but nothing happened.
Has anyone come across this before and solved it?
UPDATE: 12/21/2019 The solution is here , thanks to Michael

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
G
German Zvonchuk2015-10-05 16:46:55
How to make the first rule found last in NGINX? 3Reply
S
Schoolboy.2015-10-05 16:59:59
How to unsecure an SSL certificate? 2Reply
S
sedictor2011-04-16 18:39:53
nginx close connection event 2Reply
R
Roman2021-06-16 09:37:36
Issue with posting? 1Reply
T
Tyzik2021-06-18 05:55:06
How to add another shared folder in nginx? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question