Remove X-Frame-Options Header

Created on 3 April 2024

Problem/Motivation

While the X-Frame-Options: SAMEORIGIN header added by core is overridden by a frame-ancestors CSP directive, its presence may cause some confusion (particularly if frame-ancestors is not set to only 'self').

Steps to reproduce

Proposed resolution

Remove the X-Frame-Options header in CSP's response subscriber if frame-ancestors is set.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Active

Version

2.0

Component

Code

Created by

🇨🇦Canada gapple
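
One way the proposed resolution could look, as an added example that is not the CSP module's own code: a response subscriber that removes X-Frame-Options only when an enforced Content-Security-Policy header carries a frame-ancestors directive. The module name `example_csp`, the class name and the priority `-100` are assumptions made for illustration.

```php
<?php

namespace Drupal\example_csp\EventSubscriber; // Hypothetical module name.

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

/**
 * Drops X-Frame-Options when an enforced CSP already sets frame-ancestors.
 */
class FrameOptionsSubscriber implements EventSubscriberInterface {

  public static function getSubscribedEvents(): array {
    // Assumption: a low priority, so this runs after the subscribers that
    // add the X-Frame-Options and Content-Security-Policy headers.
    return [KernelEvents::RESPONSE => ['onResponse', -100]];
  }

  public function onResponse(ResponseEvent $event): void {
    $headers = $event->getResponse()->headers;
    // Only the enforced header counts: frame-ancestors in
    // Content-Security-Policy-Report-Only does not replace X-Frame-Options.
    foreach ($headers->all('content-security-policy') as $policy) {
      if (self::hasFrameAncestors($policy)) {
        $headers->remove('X-Frame-Options');
        return;
      }
    }
  }

  public static function hasFrameAncestors(string $headerValue): bool {
    // One header value may hold several comma-separated policies, each a
    // semicolon-separated list of directives; names are case-insensitive.
    foreach (preg_split('/[;,]/', $headerValue) as $directive) {
      $name = strtok(trim($directive), " \t");
      if ($name !== FALSE && strtolower($name) === 'frame-ancestors') {
        return TRUE;
      }
    }
    return FALSE;
  }

}
```

Clients that do not implement frame-ancestors rely on X-Frame-Options alone, so removing the header leaves them without framing protection.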
