Remove X-Frame-Options header (#968)

InfiniteStash · web-flow · commit eb32c6ec62a8 · 2025-06-13T23:02:35.000+02:00
diff --git a/pkg/api/routes_root.go b/pkg/api/routes_root.go
@@ -53,7 +53,6 @@ func (rr rootRoutes) app(w http.ResponseWriter, r *http.Request) {
 		w.Header().Add("Content-Security-Policy", csp)
 	}
 	w.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
-	w.Header().Add("X-Frame-Options", "SAMEORIGIN")
 	w.Header().Add("X-Content-Type-Options", "nosniff")
 	w.Header().Add("Referrer-Policy", "same-origin")
 	w.Header().Add("Permissions-Policy", "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()")

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,6 @@ func (rr rootRoutes) app(w http.ResponseWriter, r *http.Request) {`
`53`	`53`	`w.Header().Add("Content-Security-Policy", csp)`
`54`	`54`	`}`
`55`	`55`	`w.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains")`
`56`		`- w.Header().Add("X-Frame-Options", "SAMEORIGIN")`
`57`	`56`	`w.Header().Add("X-Content-Type-Options", "nosniff")`
`58`	`57`	`w.Header().Add("Referrer-Policy", "same-origin")`
`59`	`58`	`w.Header().Add("Permissions-Policy", "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()")`