From b6b6b85bf4d8bb6f58ea860a622dbc8902721b68 Mon Sep 17 00:00:00 2001
From: Luke Pulverenti <luke.pulverenti@gmail.com>
Date: Sun, 29 May 2016 17:04:49 -0400
Subject: [PATCH] remove x-frame-options

---
 MediaBrowser.Model/Configuration/ServerConfiguration.cs  | 3 ---
 .../HttpServer/HttpListenerHost.cs                       | 2 +-
 .../HttpServer/ResponseFilter.cs                         | 9 +--------
 3 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index 1971b812e0..df0e42869b 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -184,8 +184,6 @@ namespace MediaBrowser.Model.Configuration
         public bool EnableVideoArchiveFiles { get; set; }
         public int RemoteClientBitrateLimit { get; set; }
 
-        public bool DenyIFrameEmbedding { get; set; }
-
         public AutoOnOff EnableLibraryMonitor { get; set; }
 
         public int SharingExpirationDays { get; set; }
@@ -222,7 +220,6 @@ namespace MediaBrowser.Model.Configuration
             EnableAnonymousUsageReporting = true;
 
             EnableAutomaticRestart = true;
-            DenyIFrameEmbedding = true;
 
             EnableUPnP = true;
             SharingExpirationDays = 30;
diff --git a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
index c5cb810e53..f091f0f1f7 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
@@ -106,7 +106,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
                 }
             });
 
-            HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger, () => _config.Configuration.DenyIFrameEmbedding).FilterResponse);
+            HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger).FilterResponse);
         }
 
         public override void OnAfterInit()
diff --git a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
index f993d4437a..ee05702f4c 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
@@ -12,12 +12,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer
     {
         private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
         private readonly ILogger _logger;
-        private readonly Func<bool> _denyIframeEmbedding;
 
-        public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding)
+        public ResponseFilter(ILogger logger)
         {
             _logger = logger;
-            _denyIframeEmbedding = denyIframeEmbedding;
         }
 
         /// <summary>
@@ -31,11 +29,6 @@ namespace MediaBrowser.Server.Implementations.HttpServer
             // Try to prevent compatibility view
             res.AddHeader("X-UA-Compatible", "IE=Edge");
 
-            if (_denyIframeEmbedding())
-            {
-                res.AddHeader("X-Frame-Options", "SAMEORIGIN");
-            }
-
             var exception = dto as Exception;
 
             if (exception != null)