web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove X-Frame-Options because it cannot work with a cross-domain iframe.

Browse Source
This commit is contained in:
Caleb James DeLisle 2017-08-17 12:12:40 +02:00
parent 4acd9957a9
commit 4881f8d030
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config.example.js
View File

@ -17,8 +17,7 @@ module.exports = {
httpHeaders: { httpHeaders: {
"X-XSS-Protection": "1; mode=block", "X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff", "X-Content-Type-Options": "nosniff"
'X-Frame-Options': 'SAMEORIGIN',
}, },
contentSecurity: [ contentSecurity: [