From cf0e5bb328c868dc1abd00739b09ed50a64f50c3 Mon Sep 17 00:00:00 2001 From: Yuri Kuznetsov Date: Thu, 1 Dec 2022 12:28:04 +0200 Subject: [PATCH] clientXFrameOptionsHeaderDisabled --- application/Espo/Core/Utils/ClientManager.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/application/Espo/Core/Utils/ClientManager.php b/application/Espo/Core/Utils/ClientManager.php index aa568ff023..8ce289504a 100644 --- a/application/Espo/Core/Utils/ClientManager.php +++ b/application/Espo/Core/Utils/ClientManager.php @@ -104,13 +104,22 @@ class ClientManager return; } - $response->setHeader('X-Frame-Options', 'SAMEORIGIN'); $response->setHeader('X-Content-Type-Options', 'nosniff'); + $this->writeXFrameOptionsHeader($response); $this->writeContentSecurityPolicyHeader($response); $this->writeStrictTransportSecurityHeader($response); } + private function writeXFrameOptionsHeader(Response $response): void + { + if ($this->config->get('clientXFrameOptionsHeaderDisabled')) { + return; + } + + $response->setHeader('X-Frame-Options', 'SAMEORIGIN'); + } + private function writeContentSecurityPolicyHeader(Response $response): void { if ($this->config->get('clientCspDisabled')) {
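Review bot: In the new `writeXFrameOptionsHeader()`, setting `clientXFrameOptionsHeaderDisabled` drops `X-Frame-Options: SAMEORIGIN` with nothing put in its place, so clickjacking protection for the client page then rests entirely on whatever `writeContentSecurityPolicyHeader()` emits, and that method's body is outside this hunk. If that CSP carries no `frame-ancestors` directive, or `clientCspDisabled` is also set, the page can be framed by any origin. I would document this on the method, e.g. `// Disabling this removes framing protection unless the CSP sets frame-ancestors; do not combine with clientCspDisabled.`, and consider letting the option take an allow-list that is written out as `frame-ancestors` instead of a bare off switch. The check is also a truthiness test, so a non-empty string such as `'false'` in the config would disable the header; `=== true` would be stricter, though it would then differ from the existing `clientCspDisabled` check.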