Move cors.X_FRAME_OPTIONS to security.X_FRAME_OPTIONS and add false option

2025-11-08 23:38:13 +00:00 · 2024-04-03 01:17:38 +02:00
parent e006451ab1
commit aace6002ee
8 changed files with 19 additions and 10 deletions
--- a/modules/setting/cors.go
+++ b/modules/setting/cors.go
@@ -17,13 +17,11 @@ var CORSConfig = struct {
 	MaxAge           time.Duration
 	AllowCredentials bool
 	Headers          []string
-	XFrameOptions    string
 }{
 	AllowDomain:   []string{"*"},
 	Methods:       []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
 	Headers:       []string{"Content-Type", "User-Agent"},
 	MaxAge:        10 * time.Minute,
-	XFrameOptions: "SAMEORIGIN",
 }

 func loadCorsFrom(rootCfg ConfigProvider) {