From 28c72d3ee3a9f5d270eb44bf1133cbd998247d3a Mon Sep 17 00:00:00 2001 From: kermieisinthehouse Date: Mon, 10 Jan 2022 15:05:12 -0800 Subject: [PATCH] Allow stash to be iframed (#2217) --- pkg/api/server.go | 1 - ui/v2.5/src/components/Changelog/versions/v0130.md | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/server.go b/pkg/api/server.go index fb07861c7..c06a24120 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -364,7 +364,6 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler { w.Header().Set("Referrer-Policy", "same-origin") w.Header().Set("X-Content-Type-Options", "nosniff") - w.Header().Set("X-Frame-Options", "DENY") w.Header().Set("X-XSS-Protection", "1") w.Header().Set("Content-Security-Policy", cspDirectives) diff --git a/ui/v2.5/src/components/Changelog/versions/v0130.md b/ui/v2.5/src/components/Changelog/versions/v0130.md index a389b43cd..38bf5ca21 100644 --- a/ui/v2.5/src/components/Changelog/versions/v0130.md +++ b/ui/v2.5/src/components/Changelog/versions/v0130.md @@ -5,6 +5,7 @@ * Show counts on list tabs in Performer, Studio and Tag pages. ([#2169](https://github.com/stashapp/stash/pull/2169)) ### 🐛 Bug fixes +* Allow Stash to be iframed. ([#2217](https://github.com/stashapp/stash/pull/2217)) * Resolve CDP hostname if necessary. ([#2174](https://github.com/stashapp/stash/pull/2174)) * Generate sprites for short video files. ([#2167](https://github.com/stashapp/stash/pull/2167)) * Fix stash-box scraping including underscores in ethnicity. ([#2191](https://github.com/stashapp/stash/pull/2191))