From 18138dde01d66f148d7b473f71c975408865c831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20B=C3=B6sche?= Date: Mon, 12 Jan 2026 16:34:05 +0100 Subject: [PATCH] Fix: Remove X-Frame-Options header from Collabora proxy to allow iframe loading - The collaboraProxyHandler endpoint is intentionally meant to load in an iframe - X-Frame-Options: SAMEORIGIN was blocking cross-origin iframe loads - Removed the header to allow the Flutter web frontend to embed the proxy page --- go_cloud/internal/http/wopi_handlers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go_cloud/internal/http/wopi_handlers.go b/go_cloud/internal/http/wopi_handlers.go index ae5cf83..57c9883 100644 --- a/go_cloud/internal/http/wopi_handlers.go +++ b/go_cloud/internal/http/wopi_handlers.go @@ -689,7 +689,7 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database. `, collaboraURL, wopiSrc) w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.Header().Set("X-Frame-Options", "SAMEORIGIN") + // Don't set X-Frame-Options - this endpoint is meant to be loaded in an iframe w.WriteHeader(http.StatusOK) w.Write([]byte(htmlContent))