Skip to content

Commit

Permalink
chore: temporarily remove X-Frame-Options DENY header (#9441)
Browse files Browse the repository at this point in the history 
Co-authored-by: Off <[email protected]>
  • Loading branch information
@stephanegigandet
stephanegigandet and Off authored Nov 30, 2023
1 parent ace9eba commit 35dd8d4
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion conf/nginx/snippets/ssl-headers.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,5 @@
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Frame-Options DENY;
#add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
3 changes: 2 additions & 1 deletion lib/ProductOpener/Display.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -610,7 +610,8 @@ sub init_request ($request_ref = {}) {
$country = 'en:world';

$r->headers_out->set(Server => "Product Opener");
$r->headers_out->set("X-Frame-Options" => "DENY");
# temporarily remove X-Frame-Options: DENY, needed for graphs - 2023/11/23
#$r->headers_out->set("X-Frame-Options" => "DENY");
$r->headers_out->set("X-Content-Type-Options" => "nosniff");
$r->headers_out->set("X-Download-Options" => "noopen");
$r->headers_out->set("X-XSS-Protection" => "1; mode=block");
Expand Down

0 comments on commit 35dd8d4

Please sign in to comment.