From 4ef5fbfb6e28a979676c10754629aa7358506199 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Tue, 11 Mar 2025 13:39:03 -0700
Subject: [PATCH] Fix: remove deprecated debug x-frame-options

---
 docs/development.md       | 2 +-
 src/paperless/settings.py | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/docs/development.md b/docs/development.md
index 67b47a35d..07eb27bd6 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -207,7 +207,7 @@ The front end is built using AngularJS. In order to get started, you need Node.j
     restart it.
 
     By default, the development server is available on `http://localhost:4200/` and is configured to access the API at
-    `http://localhost:8000/api/`, which is the default of the backend. If you enabled `DEBUG` on the back end, several security overrides for allowed hosts, CORS and X-Frame-Options are in place so that the front end behaves exactly as in production.
+    `http://localhost:8000/api/`, which is the default of the backend. If you enabled `DEBUG` on the back end, several security overrides for allowed hosts and CORS are in place so that the front end behaves exactly as in production.
 
 ### Testing and code style
 
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index 39a1ad83c..a4b27ae28 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -549,10 +549,6 @@ def _parse_remote_user_settings() -> str:
 
 HTTP_REMOTE_USER_HEADER_NAME = _parse_remote_user_settings()
 
-# X-Frame options for embedded PDF display:
-X_FRAME_OPTIONS = "ANY" if DEBUG else "SAMEORIGIN"
-
-
 # The next 3 settings can also be set using just PAPERLESS_URL
 CSRF_TRUSTED_ORIGINS = __get_list("PAPERLESS_CSRF_TRUSTED_ORIGINS")