Override HTTP header's default settings (X-FRAME-OPTIONS)

Question

I\'m working with the dev version of Laravel (4.1.*) and there is a new default configuration that I don\'t want : X-Frame-Options: SAMEORIGIN

For the momen

Answer 1

Laravel doesn't provide any configuration to disable this functionality.

According to Taylor Otwell, the only way to bypass it is by adding the following line into the start file:

App::forgetMiddleware('Illuminate\Http\FrameGuard');

The dirty solution is to comment the guilty line:

$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);

---

Edit (Jan 29th 2014): new info from Taylor Otwell on GitHub about next Laravel's policy.

Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.