From 85cae8af6405d7153d5dafa73a0de79df6f374fe Mon Sep 17 00:00:00 2001
From: Gauthier Roebroeck
Date: Tue, 28 Nov 2023 16:50:33 +0800
Subject: [PATCH] fix(api): set X-Frame-Options header to same origin for epubreader
---
 .../komga/infrastructure/security/SecurityConfiguration.kt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
index 982f89669..de6dfde36 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
@@ -87,6 +87,7 @@ class SecurityConfiguration(
 }
 .headers { headersConfigurer ->
 headersConfigurer.cacheControl { it.disable() } // headers are set in WebMvcConfiguration
+ headersConfigurer.frameOptions { it.sameOrigin() } // for epubreader iframes
 }
 .httpBasic {
 it.authenticationDetailsSource(userAgentWebAuthenticationDetailsSource)
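Review bot: The added `headersConfigurer.frameOptions { it.sameOrigin() }` sits in the chain-wide `.headers { }` block, so it relaxes Spring Security's default `X-Frame-Options: DENY` to `SAMEORIGIN` for every response of this filter chain, not only for the epub reader the comment names. If book content such as EPUB HTML is served from the same origin (not visible in this hunk), that content could then frame the application's own pages, so it is worth confirming the reader resources are sandboxed or script-restricted. If only the reader needs framing, keeping DENY as the default and writing SAMEORIGIN through a `DelegatingRequestMatcherHeaderWriter` matched to the reader's resource paths would narrow the exposure. At minimum the comment should state the real scope, e.g. `// SAMEORIGIN on all responses (default is DENY); the epubreader renders resources in same-origin iframes`. The enclosing configuration function starts and ends outside the hunk.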