I need the ability to override the X-Frame-Options: DENY directive.
This commit broke my ability to embed a note in an iFrame within my MagicMirror digital display.
I thought it was DNS at first, but this directive is causing the issue per the commit above.
If it's not possible to override this now or with a feature, what's the recommended patching approach so I can remove this security feature?
My server is behind a firewall, so this security feature is hobbling my ability to use Joplin effectively. I adopted the Joplin server specifically to share notes in this manner.
There's no plan to support running the server within an iframe at this point, but I guess you could put a proxy in front of it (you probably already do), and rewrite or remove these specific headers.
It was painful, but this is what finally worked within my container environment.
I'm guessing there is a cleaner way, but for those that run across this in the future, this does work.
I am using Synology with DSM 7.0.1-42218, so I used the Container Links feature from the Nginx container to set the alias so it can communicate with the Joplin container.