removed x-frame-options, since that was only used for the <object> pdf display tag.

This commit is contained in:
jonaswinkler 2020-12-19 16:46:04 +01:00
parent 1b1b57eb6a
commit fad3df1e39

View File

@ -160,13 +160,6 @@ if AUTO_LOGIN_USERNAME:
MIDDLEWARE.insert(_index+1, 'paperless.auth.AutoLoginMiddleware')
if DEBUG:
X_FRAME_OPTIONS = ''
# this should really be 'allow-from uri' but its not supported in any mayor
# browser.
else:
X_FRAME_OPTIONS = 'SAMEORIGIN'
# We allow CORS from localhost:8080
CORS_ALLOWED_ORIGINS = tuple(os.getenv("PAPERLESS_CORS_ALLOWED_HOSTS", "http://localhost:8000").split(","))