From 4881f8d0308b63747cff90a7ef09edb28517ba9b Mon Sep 17 00:00:00 2001
From: Caleb James DeLisle
Date: Thu, 17 Aug 2017 12:12:40 +0200
Subject: [PATCH] Remove X-Frame-Options because it cannot work with a cross-domain iframe.
---
 config.example.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/config.example.js b/config.example.js
index 43438aea6..73444b94c 100644
--- a/config.example.js
+++ b/config.example.js
@@ -17,8 +17,7 @@ module.exports = {
 httpHeaders: {
 "X-XSS-Protection": "1; mode=block",
- "X-Content-Type-Options": "nosniff",
- 'X-Frame-Options': 'SAMEORIGIN',
+ "X-Content-Type-Options": "nosniff"
 },
 contentSecurity: [
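Review bot: With `'X-Frame-Options': 'SAMEORIGIN'` gone from `httpHeaders`, nothing visible in this hunk limits which origins may frame the served pages, so clickjacking protection now rests entirely on the `contentSecurity` list that opens on the hunk's last line and whose entries lie outside the hunk. If that list does not already carry one, a `frame-ancestors` directive naming the expected embedding origin(s) would keep framing restricted while still permitting the cross-domain iframe the commit message refers to. Because this is an example config that deployments presumably copy, a comment above `httpHeaders` would also help operators, e.g. `// X-Frame-Options is intentionally omitted (cross-domain iframe); restrict framing via frame-ancestors in contentSecurity.`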