Drupal by default adds X-Frame-Options: SAMEORIGIN to all responses. This is a valid security measure, but it gets in the way for the Storybook (et. al.) integration.

We should add a response subscriber to remove that header in the CL Server route.

Issue fork cl_server-3322228

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

e0ipso created an issue. See original summary.

e0ipso credited javi-er.

e0ipso credited m4olivei.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Title: Remove X-Frame header to allow non-localhost setups » Remove X-Frame-Options header to allow non-localhost setups
Issue summary: View changes
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Issue summary: View changes

e0ipso opened merge request !6

  • e0ipso committed 0f96b8d on 1.x 
    Issue #3322228 by e0ipso, javi-er, m4olivei: Remove X-Frame-Options...
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Status: Active » Fixed
//www.flaticon.com/free-icons/thank-you Thank you for your contribution! Your continued support to Free Software projects furthers the Open Web, and makes Drupal stronger.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.