Overriding wordpress-site.conf.j2 with nginx-includes

I want to override (and remove, or at least soften) the “SAMEORIGIN” policy discussed here using an nginx-include (as discussed here) but nginx configs are not my strong suit.

Is this possible? Can anyone help? I don’t even know where to start.

I’ve tried nothing and it’s still not working! :wink:

In the end I moved the front of my app to a separate js app. But for one page that was left in PHP and inside iframe I did this:
<?php header('X-Frame-Options: GOFORIT'); ?>
…at the top of the page, so I guess if you plan to allow the whole site to be run inside iframe, you could just add it to the top of your functions.php, and be done with it. (What will security guys tell on the subject, it’s left to be told :))

I actually tried that, and the result is that both headers get sent, and Safari at least defaults to DENY when it sees conflicting headers, so I need to override the h5bp setting somehow.