Remove obsolete X-Frame-Options

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

roles/custom/matrix-bot-go-neb/defaults/main.yml

@@ -76,7 +76,6 @@ matrix_bot_go_neb_container_labels_traefik_additional_response_headers_auto: |
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_bot_go_neb_http_header_xss_protection} if matrix_bot_go_neb_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_bot_go_neb_http_header_frame_options} if matrix_bot_go_neb_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_bot_go_neb_http_header_content_type_options} if matrix_bot_go_neb_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_bot_go_neb_http_header_content_security_policy} if matrix_bot_go_neb_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_bot_go_neb_http_header_content_permission_policy} if matrix_bot_go_neb_http_header_content_permission_policy else {})
@@ -113,10 +112,6 @@ matrix_bot_go_neb_systemd_wanted_services_list: []
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_bot_go_neb_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_bot_go_neb_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_bot_go_neb_http_header_content_type_options: nosniff

roles/custom/matrix-client-element/defaults/main.yml

@@ -87,7 +87,6 @@ matrix_client_element_container_labels_traefik_additional_response_headers_auto:
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_client_element_http_header_xss_protection} if matrix_client_element_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_client_element_http_header_frame_options} if matrix_client_element_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_client_element_http_header_content_type_options} if matrix_client_element_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_client_element_http_header_content_security_policy} if matrix_client_element_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_client_element_http_header_content_permission_policy} if matrix_client_element_http_header_content_permission_policy else {})
@@ -123,10 +122,6 @@ matrix_client_element_container_healthcheck_cmd: ""
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_client_element_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_client_element_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_client_element_http_header_content_type_options: nosniff

roles/custom/matrix-client-fluffychat/defaults/main.yml

@@ -66,7 +66,6 @@ matrix_client_fluffychat_container_labels_traefik_additional_response_headers_au
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_client_fluffychat_http_header_xss_protection} if matrix_client_fluffychat_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_client_fluffychat_http_header_frame_options} if matrix_client_fluffychat_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_client_fluffychat_http_header_content_type_options} if matrix_client_fluffychat_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_client_fluffychat_http_header_content_security_policy} if matrix_client_fluffychat_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_client_fluffychat_http_header_content_permission_policy} if matrix_client_fluffychat_http_header_content_permission_policy else {})
@@ -100,10 +99,6 @@ matrix_client_fluffychat_systemd_required_services_list_custom: []
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_client_fluffychat_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_client_fluffychat_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_client_fluffychat_http_header_content_type_options: nosniff

roles/custom/matrix-client-hydrogen/defaults/main.yml

@@ -68,7 +68,6 @@ matrix_client_hydrogen_container_labels_traefik_additional_response_headers_auto
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_client_hydrogen_http_header_xss_protection} if matrix_client_hydrogen_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_client_hydrogen_http_header_frame_options} if matrix_client_hydrogen_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_client_hydrogen_http_header_content_type_options} if matrix_client_hydrogen_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_client_hydrogen_http_header_content_security_policy} if matrix_client_hydrogen_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_client_hydrogen_http_header_content_permission_policy} if matrix_client_hydrogen_http_header_content_permission_policy else {})
@@ -99,10 +98,6 @@ matrix_client_hydrogen_systemd_required_services_list: "{{ [devture_systemd_dock
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_client_hydrogen_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_client_hydrogen_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_client_hydrogen_http_header_content_type_options: nosniff

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -64,7 +64,6 @@ matrix_client_schildichat_container_labels_traefik_additional_response_headers_a
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_client_schildichat_http_header_xss_protection} if matrix_client_schildichat_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_client_schildichat_http_header_frame_options} if matrix_client_schildichat_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_client_schildichat_http_header_content_type_options} if matrix_client_schildichat_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_client_schildichat_http_header_content_security_policy} if matrix_client_schildichat_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_client_schildichat_http_header_content_permission_policy} if matrix_client_schildichat_http_header_content_permission_policy else {})
@@ -95,10 +94,6 @@ matrix_client_schildichat_systemd_required_services_list: "{{ [devture_systemd_d
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_client_schildichat_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_client_schildichat_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_client_schildichat_http_header_content_type_options: nosniff

roles/custom/matrix-synapse-admin/defaults/main.yml

@@ -78,7 +78,6 @@ matrix_synapse_admin_container_labels_traefik_additional_response_headers_auto:
   {{
     {}
     | combine ({'X-XSS-Protection': matrix_synapse_admin_http_header_xss_protection} if matrix_synapse_admin_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_synapse_admin_http_header_frame_options} if matrix_synapse_admin_http_header_frame_options else {})
     | combine ({'X-Content-Type-Options': matrix_synapse_admin_http_header_content_type_options} if matrix_synapse_admin_http_header_content_type_options else {})
     | combine ({'Content-Security-Policy': matrix_synapse_admin_http_header_content_security_policy} if matrix_synapse_admin_http_header_content_security_policy else {})
     | combine ({'Permission-Policy': matrix_synapse_admin_http_header_content_permission_policy} if matrix_synapse_admin_http_header_content_permission_policy else {})
@@ -109,10 +108,6 @@ matrix_synapse_admin_systemd_wanted_services_list: []
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_synapse_admin_http_header_xss_protection: "1; mode=block"
 
-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_synapse_admin_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_synapse_admin_http_header_content_type_options: nosniff