From a22365d52997754325d0010b3bb384355e5cfc2b Mon Sep 17 00:00:00 2001
From: Oliver Gasser <oliver@flowriver.net>
Date: Thu, 14 Nov 2019 11:37:13 +0100
Subject: [PATCH] Remove SAMEORIGIN header from nginx config doc

Removes the SAMEORIGIN header from the nginx configuration documentation as this is handled by PHP directly.

Fixes #1701
---
 admin_manual/installation/nginx.rst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/admin_manual/installation/nginx.rst b/admin_manual/installation/nginx.rst
index c80549cb595..ff5aea21bd7 100644
--- a/admin_manual/installation/nginx.rst
+++ b/admin_manual/installation/nginx.rst
@@ -170,7 +170,6 @@ webroot of your nginx installation. In this example it is
           add_header Referrer-Policy "no-referrer" always;
           add_header X-Content-Type-Options "nosniff" always;
           add_header X-Download-Options "noopen" always;
-          add_header X-Frame-Options "SAMEORIGIN" always;
           add_header X-Permitted-Cross-Domain-Policies "none" always;
           add_header X-Robots-Tag "none" always;
           add_header X-XSS-Protection "1; mode=block" always;
@@ -231,7 +230,6 @@ your nginx installation.
       add_header Referrer-Policy "no-referrer" always;
       add_header X-Content-Type-Options "nosniff" always;
       add_header X-Download-Options "noopen" always;
-      add_header X-Frame-Options "SAMEORIGIN" always;
       add_header X-Permitted-Cross-Domain-Policies "none" always;
       add_header X-Robots-Tag "none" always;
       add_header X-XSS-Protection "1; mode=block" always;