Remove X-Frame-Options header to allow non-localhost setups

Created on 17 November 2022, over 1 year ago

Updated 4 June 2023, about 1 year ago

Drupal by default adds X-Frame-Options: SAMEORIGIN to all responses. This is a valid security measure, but it gets in the way for the Storybook (et. al.) integration.

We should add a response subscriber to remove that header in the CL Server route.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

e0ipso Can Picafort

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
e0ipso Can Picafort
Comment about 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024