在Nginx上使用Wordpress。
我收到这些错误,但我似乎无法find我的Nginx选项,我已经指定这个“DENY”标题。
Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'https://beta.com/wp-admin/plugin-install.php?tab=plugin-information&plugin=duplicate-post&'. Falling back to 'DENY'. Refused to display 'https://beta.com/wp-admin/plugin-install.php?tab=plugin-information&plugin=duplicate-post&' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, DENY'. load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery…:2 Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Sandbox access violation: Blocked a frame at "https://beta.com" from accessing a frame at "null". The frame being accessed is sandboxed and lacks the "allow-same-origin" flag. 有任何想法吗?
在wordpress functions.php的核心文件中,我可以看到
* Send a HTTP header to limit rendering of pages to same origin iframes. * * @since 3.1.3 * * @see https://developer.mozilla.org/en/the_x-frame-options_response_header */ function send_frame_options_header() { @header( 'X-Frame-Options: SAMEORIGIN' ); }
但我想这不是问题,因为其他用户会提到它。
类似的问题发布到:
复制在这里以供将来参考
https://wordpress.org/support/users/knnleow/
两个地方有相同configuration的重复设置。
我删除了重复的条目
/etc/nginx/site-available/default
configuration文件。
更新我的
/etc/nginx/snippets/ssl-dhparams.conf
至:
#add_header X-Frame-Options DENY; add_header X-Frame-Options SAMEORIGIN;