Bouncing Ball for Kids.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved

(@hanz17)

Hi,

I’m getting an error message in the console, and comments aren’t showing. But in the nginx configuration I have the value SAMEORIGIN set. Where could the problem be?

Thanks for help.

The loading of “https://www.facebook.com/v10.0/plugins/comments.php?app_id=xxxx&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16a20e88a7e442%26domain%3Dwww.trendista.cz%26origin%3Dhttps%253A%252F%252Fwww.trendista.cz%252Ff3489f9f9708716%26relation%3Dparent.parent&container_width=970&height=100&href=https%3A%2F%2Fwww.trendista.cz%2F%3Fpost_type%3Dpost%26p%3D49720&locale=cs_CZ&numposts=10&order_by=time&sdk=joey&version=v10.0&width=” in a frame is denied by “X-Frame-Options“ directive set to “DENY“

NGINX.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
client_max_body_size 20M;
map $remote_addr $ip_anonym1 {
default 0.0.0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
"~(?P<ip>[^:]+:[^:]+):" $ip;
}

map $remote_addr $ip_anonym2 {
default .0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
"~(?P<ip>[^:]+:[^:]+):" ::;
}

map $ip_anonym1$ip_anonym2 $ip_anonymized {
default 0.0.0.0;
"~(?P<ip>.*)" $ip;
}

log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    add_header X-Frame-Options "sameorigin" always;
}

This topic was modified 3 years, 5 months ago by Hanz17.

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author wpdevart
(@wpdevart)

3 years, 5 months ago

Hi @hanz17

You can check this article – https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

It may be useful.

Thanks.

Thread Starter Hanz17
(@hanz17)

3 years, 5 months ago

Thanks for your reply.
I did, but the problem still persists.
I found that the settings in nginx.conf apply to all internal queries:
https://ibb.co/60yYhT5

but does not apply to Facebook calls.
https://ibb.co/RBHFVZ4

Thread Starter Hanz17
(@hanz17)

3 years, 5 months ago

This looks like a Facebook bug
https://developers.facebook.com/support/bugs/854001531875629/?join_id=f3265be5480336

Thread Starter Hanz17
(@hanz17)

3 years, 5 months ago

resolved

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘“X-Frame-Options“ directive set to “DENY’ is closed to new replies.