I created a widget to be shown on websites, it loads the Flask application that is running on AWS ElasticBeanstalk, nginx server. I can't make it work though, because nginx adds the following header to any responses:
sameorigin
I tried to add the following command to the config file:
add_header X-Frame-Options "" always;
But it didn't change anything. Then, I tried to add this command:
add_header X-Frame-Options "deny" always;
As result, I had the following error:
Refused to display 'https://xyz' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, deny'). Falling back to 'deny'.
which means the header "sameorigin" is added anyway and I can't control it. How can I stop the server from adding this header?
The OS is "64bit Amazon Linux 2/3.5.2"