From b0aaaa0af7b33afb55d14b8b91487dc2f4a821d2 Mon Sep 17 00:00:00 2001
From: Jonas Winkler <jonas.winkler@jpwinkler.de>
Date: Wed, 4 Nov 2020 17:26:49 +0100
Subject: [PATCH] allow document display with angular dev server

---
 src/paperless/settings.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index e6aa86217..bb71e4764 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -125,7 +125,12 @@ TEMPLATES = [
 # NEVER RUN WITH DEBUG IN PRODUCTION.
 DEBUG = __get_boolean("PAPERLESS_DEBUG", "NO")
 
-X_FRAME_OPTIONS = 'SAMEORIGIN'
+if DEBUG:
+    X_FRAME_OPTIONS = ''
+    # this should really be 'allow-from uri' but its not supported in any mayor
+    # browser.
+else:
+    X_FRAME_OPTIONS = 'SAMEORIGIN'
 
 # We allow CORS from localhost:8080
 CORS_ORIGIN_WHITELIST = tuple(os.getenv("PAPERLESS_CORS_ALLOWED_HOSTS", "http://localhost:8080,https://localhost:8080").split(","))