- Issue created by @gapple
While the X-Frame-Options: SAMEORIGIN header added by core is overridden by a frame-ancestors CSP directive, its presence may cause some confusion (particularly if frame-ancestors is not set to only 'self').
Remove the X-Frame-Options header in CSP's response subscriber if frame-ancestors is set.
Active
2.0
Code
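
A sketch of the header clean-up the issue proposes, as an added example that is not the module's own code. It is written in PHP on the assumption that the response subscriber is PHP; the function names and the name => list-of-values header map are hypothetical. It goes slightly beyond the issue text by leaving X-Frame-Options in place when frame-ancestors appears only in a report-only policy, since browsers skip X-Frame-Options only for an enforced frame-ancestors.

```php
<?php
declare(strict_types=1);

/** True if one serialized policy contains a frame-ancestors directive. */
function hasFrameAncestors(string $policy): bool
{
    foreach (explode(';', $policy) as $directive) {
        $tokens = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
        // Directive names are matched case-insensitively.
        if ($tokens && strtolower($tokens[0]) === 'frame-ancestors') {
            return true;
        }
    }
    return false;
}

/** Drops X-Frame-Options when an enforced policy already sets frame-ancestors. */
function dropRedundantXFrameOptions(array $headers): array
{
    $headers = array_change_key_case($headers, CASE_LOWER);
    // Only the enforced header is inspected: frame-ancestors in
    // Content-Security-Policy-Report-Only does not override X-Frame-Options.
    foreach ($headers['content-security-policy'] ?? [] as $value) {
        // One header value may carry several comma-separated policies.
        foreach (explode(',', $value) as $policy) {
            if (hasFrameAncestors($policy)) {
                unset($headers['x-frame-options']);
                return $headers;
            }
        }
    }
    return $headers;
}

// Constructed sample responses (not taken from the issue).
$samples = [
    'enforced' => [
        'X-Frame-Options' => ['SAMEORIGIN'],
        'Content-Security-Policy' => ["default-src 'self'; frame-ancestors 'self' https://partner.example"],
    ],
    'report-only' => [
        'X-Frame-Options' => ['SAMEORIGIN'],
        'Content-Security-Policy-Report-Only' => ["frame-ancestors 'none'"],
    ],
];
foreach ($samples as $label => $headers) {
    $kept = isset(dropRedundantXFrameOptions($headers)['x-frame-options']);
    printf("%s: X-Frame-Options %s\n", $label, $kept ? 'kept' : 'removed');
}
```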