Remove X-Frame-Options because it cannot work with a cross-domain iframe.

7 years ago · 4881f8d030
parent 4acd9957a9
commit 4881f8d030
1 changed files with 1 additions and 2 deletions
--- a/config.example.js
+++ b/config.example.js
@ -17,8 +17,7 @@ module.exports = {

    httpHeaders: {
        "X-XSS-Protection": "1; mode=block",
-        "X-Content-Type-Options": "nosniff",
-        'X-Frame-Options': 'SAMEORIGIN',
+        "X-Content-Type-Options": "nosniff"
    },

    contentSecurity: [