From fad3df1e39037af3ea4d7dcaf8220dae9f97ef93 Mon Sep 17 00:00:00 2001
From: jonaswinkler <jonas.winkler@jpwinkler.de>
Date: Sat, 19 Dec 2020 16:46:04 +0100
Subject: [PATCH] removed x-frame-options, since that was only used for the
 <object> pdf display tag.

---
 src/paperless/settings.py | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index 1a6b80a0c..c6f7c9357 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -160,13 +160,6 @@ if AUTO_LOGIN_USERNAME:
     MIDDLEWARE.insert(_index+1, 'paperless.auth.AutoLoginMiddleware')
 
 
-if DEBUG:
-    X_FRAME_OPTIONS = ''
-    # this should really be 'allow-from uri' but its not supported in any mayor
-    # browser.
-else:
-    X_FRAME_OPTIONS = 'SAMEORIGIN'
-
 # We allow CORS from localhost:8080
 CORS_ALLOWED_ORIGINS = tuple(os.getenv("PAPERLESS_CORS_ALLOWED_HOSTS", "http://localhost:8000").split(","))