Hello,
Our Environment: Moodle version: 3.9.x, CentOS7, PHP7.3, Apache
I'm trying to implement HTTP Custom Headers on our apache web server.
As a part of it, X-Frame-Options SAMEORIGIN is something that I configured on the apache config file. But it seems like even Moodle has an embedded "X-Frame-Options sameorigin" within the code under moodle/lib/weblib.php
// The Moodle app must be allowed to embed content always.
if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
@header('X-Frame-Options: sameorigin');
}
Now, the question is - how do we suppress this ? can we configure something in config.php so the browser considers only the value that is given explicitly and not the one in moodle source code.
Please advice.
Thanks,
Manoj.