Remove X-Frame-Options Header

Created on 3 April 2024, 3 months ago

Problem/Motivation

While the X-Frame-Options: SAMEORIGIN header added by core is overridden by a frame-ancestors CSP directive, its presence may cause some confusion (particularly if frame-ancestors is not set to only 'self').

Steps to reproduce

Proposed resolution

Remove the X-Frame-Options header in CSP's response subscriber if frame-ancestors is set.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Active

Version

2.0

Component

Code

Created by

🇨🇦 Canada gapple
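The proposed resolution, sketched as an added example (not the CSP module's code): headers are modelled as a list of `(name, value)` tuples, and the function names and sample values are hypothetical. It drops `X-Frame-Options` only when an enforced policy carries `frame-ancestors`, because a `Content-Security-Policy-Report-Only` policy does not override the header.

```python
# Added example; SAMPLE is constructed input, not taken from a real site.
SAMPLE = [
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Content-Security-Policy",
     "default-src 'self'; frame-ancestors 'self' https://partner.example"),
]


def parse_csp(policy):
    """Split one serialized policy into {directive-name: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; a repeated directive
        # inside one policy is ignored after its first occurrence.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def enforced_frame_ancestors(headers):
    """Return the frame-ancestors source list of every enforced policy."""
    found = []
    for name, value in headers:
        # Only the enforcing header counts; Report-Only is skipped.
        if name.lower() != "content-security-policy":
            continue
        # One header value may hold several comma-separated policies.
        for policy in value.split(","):
            directives = parse_csp(policy)
            if "frame-ancestors" in directives:
                found.append(directives["frame-ancestors"])
    return found


def strip_redundant_xfo(headers):
    """Drop X-Frame-Options when an enforced frame-ancestors is present."""
    if not enforced_frame_ancestors(headers):
        return list(headers)  # XFO is still the only framing control
    return [(n, v) for n, v in headers if n.lower() != "x-frame-options"]
```
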
