diff --git a/api/src/org/labkey/api/security/AuthFilter.java b/api/src/org/labkey/api/security/AuthFilter.java index 21e2eb90061..0badfd517c0 100644 --- a/api/src/org/labkey/api/security/AuthFilter.java +++ b/api/src/org/labkey/api/security/AuthFilter.java @@ -55,7 +55,6 @@ public class AuthFilter implements Filter private static final Object FIRST_REQUEST_LOCK = new Object(); public static final String STRICT_TRANSPORT_SECURITY_HEADER_NAME = "Strict-Transport-Security"; - public static final String X_FRAME_OPTIONS_HEADER_NAME = "X-Frame-Options"; public static final String X_CONTENT_TYPE_OPTIONS_HEADER_NAME = "X-Content-Type-Options"; public static final String REFERRER_POLICY_HEADER_NAME = "Referrer-Policy"; public static final String SERVER_HEADER_NAME = "Server"; @@ -87,8 +86,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha if (ModuleLoader.getInstance().isStartupComplete()) { - if (!"ALLOW".equals(AppProps.getInstance().getXFrameOption())) - resp.setHeader(X_FRAME_OPTIONS_HEADER_NAME, AppProps.getInstance().getXFrameOption()); resp.setHeader(X_CONTENT_TYPE_OPTIONS_HEADER_NAME, "nosniff"); resp.setHeader(REFERRER_POLICY_HEADER_NAME, "origin-when-cross-origin" ); diff --git a/api/src/org/labkey/api/settings/AppProps.java b/api/src/org/labkey/api/settings/AppProps.java index 1687f2cc748..3ae76372530 100644 --- a/api/src/org/labkey/api/settings/AppProps.java +++ b/api/src/org/labkey/api/settings/AppProps.java @@ -211,11 +211,6 @@ static WriteableAppProps getWriteableInstance() // configurable http security settings - /** - * @return "SAMEORIGIN" or "DENY" or "ALLOW" - */ - String getXFrameOption(); - String getStaticFilesPrefix(); boolean isWebfilesRootEnabled(); diff --git a/api/src/org/labkey/api/settings/AppPropsImpl.java b/api/src/org/labkey/api/settings/AppPropsImpl.java index 424b5ed7f3e..60b22b957fe 100644 --- a/api/src/org/labkey/api/settings/AppPropsImpl.java +++ b/api/src/org/labkey/api/settings/AppPropsImpl.java @@ -554,13 +554,6 @@ public boolean isAllowSessionKeys() return lookupBooleanValue(allowSessionKeys, false); } - @Override - public String getXFrameOption() - { - return lookupStringValue(XFrameOption, "SAMEORIGIN"); - } - - private static final String not_init = ""; private String staticFilesPrefix = not_init; diff --git a/api/src/org/labkey/api/settings/SiteSettingsProperties.java b/api/src/org/labkey/api/settings/SiteSettingsProperties.java index 0eb0a639a33..961ecb54868 100644 --- a/api/src/org/labkey/api/settings/SiteSettingsProperties.java +++ b/api/src/org/labkey/api/settings/SiteSettingsProperties.java @@ -178,14 +178,6 @@ public void setValue(WriteableAppProps writeable, String value) writeable.setAdminOnlyMessage(value); } }, - XFrameOption("Controls whether or not a browser may render a server page in a ,