Fix: remove deprecated debug x-frame-options

2025-03-31 13:35:08 -05:00 · 2025-03-11 13:39:03 -07:00 · 2025-03-11 13:39:03 -07:00 · 4ef5fbfb6e
commit 4ef5fbfb6e
parent b0390a92ea
2 changed files with 1 additions and 5 deletions
--- a/docs/development.md
+++ b/docs/development.md
@ -207,7 +207,7 @@ The front end is built using AngularJS. In order to get started, you need Node.j
    restart it.

    By default, the development server is available on `http://localhost:4200/` and is configured to access the API at
-    `http://localhost:8000/api/`, which is the default of the backend. If you enabled `DEBUG` on the back end, several security overrides for allowed hosts, CORS and X-Frame-Options are in place so that the front end behaves exactly as in production.
+    `http://localhost:8000/api/`, which is the default of the backend. If you enabled `DEBUG` on the back end, several security overrides for allowed hosts and CORS are in place so that the front end behaves exactly as in production.

 ### Testing and code style

--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@ -549,10 +549,6 @@ def _parse_remote_user_settings() -> str:

 HTTP_REMOTE_USER_HEADER_NAME = _parse_remote_user_settings()

-# X-Frame options for embedded PDF display:
-X_FRAME_OPTIONS = "ANY" if DEBUG else "SAMEORIGIN"
-
-
 # The next 3 settings can also be set using just PAPERLESS_URL
 CSRF_TRUSTED_ORIGINS = __get_list("PAPERLESS_CSRF_TRUSTED_ORIGINS")