Hi,
can anybody tell me, if there is an X-Frame-Option set by zammads rails/ruby version by default?
I can’t find out, where headers are set.
This is the header, where you can see that X-Frame-Options:ALLOW-FROM: is set and secondly, with a wrong url, which belongs to production stage. Here it should be development stage.
Request URL:wss://1-dev.domain.com/ws
Request Method:GET
Status Code:500 Internal Server Error
Response Headers
view source
Connection:keep-alive
Content-Length:531
Content-Type:text/html; charset=iso-8859-1
Date:Wed, 23 May 2018 09:28:41 GMT
Server:nginx
X-Frame-Options:ALLOW-FROM: https://1.domain.com
Request Headers
view source
Accept-Encoding:gzip, deflate, br
Accept-Language:de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control:no-cache
Connection:Upgrade
Cookie:_zammad_session_a138cfd0f37=3e9fe1572c9c43d570fbc278b0f2d2f6
DNT:1
Host:1-dev.domain.com
Origin:https://2-dev.domain.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:7Q92BRNyRj6xVU5zrJ8mOA==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.97 Safari/537.36 Vivaldi/1.94.1008.40
Problem arise after upgrade from Zammad v1.5 to current version 2.4.
There is a reverse proxy in front of Zammad and an own application, which connects to zammad’s chat over the same reverse proxy 1-dev.domain.com. Again…everything was ok without any configuration change in nginx or apache on zammad server.
regards
Hannes