b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Remove X-Frame-Options header from Collabora proxy to allow iframe loading

Browse Source 
- The collaboraProxyHandler endpoint is intentionally meant to load in an iframe
- X-Frame-Options: SAMEORIGIN was blocking cross-origin iframe loads
- Removed the header to allow the Flutter web frontend to embed the proxy page
This commit is contained in:
Leon Bösche
2026-01-12 16:34:05 +01:00
parent 6db2bf077d
commit 18138dde01
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go_cloud/internal/http/wopi_handlers.go
View File

@@ -689,7 +689,7 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
</html>`, collaboraURL, wopiSrc) </html>`, collaboraURL, wopiSrc)
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Set("X-Frame-Options", "SAMEORIGIN") // Don't set X-Frame-Options - this endpoint is meant to be loaded in an iframe
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
w.Write([]byte(htmlContent)) w.Write([]byte(htmlContent))