
How to add X-Frame-Options to Authentik?


Currently I am working on my HomeLab infrastructure. Unfortunately, I ran into a problem that I can't solve.

The following components are affected

  • Nginx Proxy Manager
  • Authentik
  • Dashy

My goal is to have all my services in one UI with a single authentication-flow. Dashy has the ability to show different services inside the dashboard ui. That works fine as long as I set the X-Frame-Options "ALLOW-FROM URL" and Content-Security-Policy "frame-ancestors URL" in Nginx Proxy Manager.

Unfortunately, however, Authentik now seems to override the X-Frame options and ignore changes in the proxy manager. And because Authentik is always addressed via a redirect before the first call of a service, I can't load an application within an IFrame.

Now to my question:

  • How do I make Authentik understand that it should allow SAMEORIGIN or ALLOW-FROM if it ignores the nginx configuration? Is there an option that lets me set headers for Authentik?

X-Frame-Options after editing the Nginx Proxy Manager conf.
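
Added example (not part of the original post): a simplified Python model of how current browsers, following the HTML and CSP specifications, decide whether a response may be framed, showing why a header added at the proxy does not win when the upstream also sends its own. The origins and header sets are constructed, and only a single parent frame and exact-origin sources are modelled.

```python
def frame_ancestors(policy):
    """Source list of the frame-ancestors directive in one CSP policy, else None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower().rstrip("/") for p in parts[1:]]
    return None

def source_list_allows(sources, parent, own):
    # Simplification: only '*', 'self' and exact origins; 'none' matches nothing.
    return any(s == "*" or (s == "'self'" and parent == own) or s == parent
               for s in sources)

def framing_allowed(headers, parent, own):
    """headers: (name, value) pairs exactly as they reach the browser."""
    policies = [p for n, v in headers if n.lower() == "content-security-policy"
                for p in v.split(",")]
    lists = [fa for fa in map(frame_ancestors, policies) if fa is not None]
    if lists:
        # frame-ancestors obsoletes X-Frame-Options; every policy must allow.
        if all(source_list_allows(fa, parent, own) for fa in lists):
            return True, "allowed by every frame-ancestors policy"
        return False, "blocked by a frame-ancestors policy"
    xfo = {t.strip().lower() for n, v in headers if n.lower() == "x-frame-options"
           for t in v.split(",") if t.strip()}
    if len(xfo) > 1 and xfo & {"deny", "sameorigin", "allowall"}:
        return False, "conflicting X-Frame-Options values"
    if xfo == {"deny"}:
        return False, "X-Frame-Options: DENY"
    if xfo == {"sameorigin"}:
        return parent == own, "X-Frame-Options: SAMEORIGIN"
    return True, "no enforceable framing restriction"

DASH = "https://dash.example.test"  # constructed parent (dashboard) origin
AUTH = "https://auth.example.test"  # constructed framed (login) origin
CASES = {  # constructed header sets, as the browser would receive them
    "upstream DENY + proxy ALLOW-FROM": [("X-Frame-Options", "DENY"),
                                         ("X-Frame-Options", "ALLOW-FROM " + DASH)],
    "ALLOW-FROM only": [("X-Frame-Options", "ALLOW-FROM " + DASH)],
    "upstream DENY + CSP for dashboard": [("X-Frame-Options", "DENY"),
        ("Content-Security-Policy", "frame-ancestors " + DASH)],
    "two CSP policies": [("Content-Security-Policy", "frame-ancestors 'self'"),
                         ("Content-Security-Policy", "frame-ancestors " + DASH)],
}
if __name__ == "__main__":
    for name, hdrs in CASES.items():
        print(f"{name}: {framing_allowed(hdrs, DASH, AUTH)}")
```

A lone `ALLOW-FROM` value is not enforced by current browsers, so it neither permits nor restricts anything; the restriction has to come from `frame-ancestors`, and a second, stricter policy from the upstream still applies.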


Solution

  • Were you able to make any progress on this issue? In the same boat but using Organizr.

    Best