允许同源

add_header X-Frame-Options SAMEORIGIN;

允许泛域名

add_header X-Frame-Options "allow-from https://*.xxx.cn/";

新版配置代替以上2个

add_header Content-Security-Policy "connect-src *;frame-ancestors https://*.jobpi.cn/ https://*.schoolpi.net/; ";