Drop legacy X-Frame-Options header

The modern way is CSP frame-ancestors header which we also set.
KatieLG · May 30, 2024 · dd4f26f · dd4f26f
1 parent f535e42
commit dd4f26f
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/routes/render.go b/routes/render.go
@@ -145,7 +145,6 @@ func render(w http.ResponseWriter, r *http.Request, name string, data ...any) {
 	header.Set("Content-Language", "en")
 	header.Set("Content-Type", "text/html; charset=utf-8")
 	header.Set("Referrer-Policy", "no-referrer")
-	header.Set("X-Frame-Options", "DENY")
 	header.Set("Content-Security-Policy",
 		"base-uri 'none';"+
 			"connect-src 'self';"+