Remove obsolete X-Frame-Options

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-02-08 21:54:38 +09:00
parent c1a8ca6397
commit 66d66f67f8
6 changed files with 0 additions and 30 deletions
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -68,7 +68,6 @@ matrix_client_hydrogen_container_labels_traefik_additional_response_headers_auto
  {{
    {}
    | combine ({'X-XSS-Protection': matrix_client_hydrogen_http_header_xss_protection} if matrix_client_hydrogen_http_header_xss_protection else {})
-    | combine ({'X-Frame-Options': matrix_client_hydrogen_http_header_frame_options} if matrix_client_hydrogen_http_header_frame_options else {})
    | combine ({'X-Content-Type-Options': matrix_client_hydrogen_http_header_content_type_options} if matrix_client_hydrogen_http_header_content_type_options else {})
    | combine ({'Content-Security-Policy': matrix_client_hydrogen_http_header_content_security_policy} if matrix_client_hydrogen_http_header_content_security_policy else {})
    | combine ({'Permission-Policy': matrix_client_hydrogen_http_header_content_permission_policy} if matrix_client_hydrogen_http_header_content_permission_policy else {})
@@ -99,10 +98,6 @@ matrix_client_hydrogen_systemd_required_services_list: "{{ [devture_systemd_dock
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_client_hydrogen_http_header_xss_protection: "1; mode=block"

-# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
-# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_client_hydrogen_http_header_frame_options: SAMEORIGIN
-
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 matrix_client_hydrogen_http_header_content_type_options: nosniff