nginx配置,以避免“ ERROR DOMException:阻止具有原始xxx的框架访问跨域框架”

时间:2018-06-20 08:44:01

标签: nginx iframe proxy cross-domain

我必须使用iframe将三个不同的网站嵌入到我的www.myapp.com应用中。假设这些网站的网址是:

  • website1.com
  • website2.com
  • website3.com

这些网站无法由iframe直接嵌入,因为它们的服务器将X-Frame-Options响应标头设置为SAMEORIGIN,因此我使用nginx作为代理来删除这些X-Frame-Options标头:

# parent application: myapp.com:
server {

    listen 8080;
    server_name myapp.com www.myapp.com;

    location /stand {
        root /srv/www;
        try_files $uri $uri/ /stand/index.html;
    }
}

# website1.com proxy:
server {

    listen 8080;
    server_name proxywebsite1.com www.proxywebsite1.com;

    location / {
        proxy_pass https://www.website1.com/;
        proxy_set_header www.website1.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_hide_header 'x-frame-options';
    }
}

# website2.com proxy:
server {

    listen 8080;
    server_name proxywebsite2.com www.proxywebsite2.com;

    location / {
        proxy_pass https://www.website2.com/;
        proxy_set_header www.website2.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_hide_header 'x-frame-options';
    }
}

# website3.com proxy:
server {

    listen 8080;
    server_name proxywebsite3.com www.proxywebsite3.com;

    location / {
        proxy_pass https://www.website3.com/;
        proxy_set_header www.website3.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_hide_header 'x-frame-options';
    }
}

使用上面的配置,我现在可以将三个网站嵌入到iframe中,即使其域不同(www.myapp.com,proxywebsite1.com,proxywebsite2.com,proxywebsite3.com)。

现在,我想使用JavaScript隐藏嵌入式网站的某些元素(页脚,页眉等),并且由于域不同而被阻止。我在浏览器的控制台中遇到以下错误:

"ERROR DOMException: Blocked a frame with origin xxx from accessing a cross-origin frame"

enter image description here

所以我的问题是:有没有一种配置nginx的方法,以便浏览器不会将myapp.comproxywebsite1.com视为不同的域?

0 个答案:

没有答案
相关问题
最新问题