fix(api): remove x-frame-options header (#2322)

2025-07-25 08:19:40 +02:00 · 2018-10-03 14:18:03 +13:00 · 2018-10-03 14:18:03 +13:00 · 6e8a10d72f
commit 6e8a10d72f
parent bad95987ec
2 changed files with 0 additions and 2 deletions
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@ -114,7 +114,6 @@ func (bouncer *RequestBouncer) EndpointAccess(r *http.Request, endpoint *portain
 // mwSecureHeaders provides secure headers middleware for handlers.
 func mwSecureHeaders(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Add("X-Frame-Options", "DENY")
 		w.Header().Add("X-XSS-Protection", "1; mode=block")
 		w.Header().Add("X-Content-Type-Options", "nosniff")
 		next.ServeHTTP(w, r)