12-17-2019 04:24 PM
This is an accepted solution.
Thank you for your guidance. I focused on removing X-Frame-Options from multiple places lượt thích so sánh to lớn get it resolved.
server.js using koa I added the following -
const lusca = require('koa-lusca');
app.prepare().then(() => {
const server = new Koa();
server.use(lusca.xframe({value: ''}));Then in the nginx.conf apply the following -
add_header X-Frame-Options "";
./snippets/ssl-params.conf
remove
add_header X-Frame-Options DENY;
reload nginx and start application and then it will be resolved.
My main issue is that I forgot about the cipherlist configuration I extend from the nginx.conf was overwriting the headers with DENY.
Also to lớn verify you removed the header correctly, use this command to lớn kiểm tra while application and nginx is up.
wget -q --server-response https://${your.url}.com