add bool for performance

modules/setting/security.go

@@ -38,6 +38,7 @@ var (
 	CSRFCookieName                     = "_csrf"
 	CSRFCookieHTTPOnly                 = true
 	XFrameOptions                      string
+	UseXFrameOptions                   bool
 )
 
 // loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
@@ -140,7 +141,9 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 	CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
 	PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
 	SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
+
 	XFrameOptions = sec.Key("X_FRAME_OPTIONS").MustString("SAMEORIGIN")
+	UseXFrameOptions = XFrameOptions != "false"
 
 	InternalToken = loadSecret(sec, "INTERNAL_TOKEN_URI", "INTERNAL_TOKEN")
 	if InstallLock && InternalToken == "" {

routers/common/errpage.go

@@ -35,7 +35,7 @@ func RenderPanicErrorPage(w http.ResponseWriter, req *http.Request, err any) {
 
 	httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
 
-	if setting.XFrameOptions != "false" {
+	if setting.UseXFrameOptions {
 		w.Header().Set(`X-Frame-Options`, setting.XFrameOptions)
 	}
 

services/context/api.go

@@ -236,7 +236,7 @@ func APIContexter() func(http.Handler) http.Handler {
 
 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 
-			if setting.XFrameOptions != "false" {
+			if setting.UseXFrameOptions {
 				ctx.Resp.Header().Set(`X-Frame-Options`, setting.XFrameOptions)
 			}
 

services/context/context.go

@@ -191,7 +191,7 @@ func Contexter() func(next http.Handler) http.Handler {
 
 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 
-			if setting.XFrameOptions != "false" {
+			if setting.UseXFrameOptions {
 				ctx.Resp.Header().Set(`X-Frame-Options`, setting.XFrameOptions)
 			}