I\'m working with the dev version of Laravel (4.1.*) and there is a new default configuration that I don\'t want : X-Frame-Options: SAMEORIGIN
For the momen
The third parameter of the header method should serve your needs.
Laravel doesn't provide any configuration to disable this functionality.
According to Taylor Otwell, the only way to bypass it is by adding the following line into the start file:
App::forgetMiddleware('Illuminate\Http\FrameGuard');
The dirty solution is to comment the guilty line:
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
Edit (Jan 29th 2014): new info from Taylor Otwell on GitHub about next Laravel's policy.
Removing this by default in 4.2. Should be in an after filter - will leave FrameGuard class so people can add the middleware manually if they want.