From b0130b8faecceab8e4ba6aa002f84c71a493e2c2 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Sat, 3 Sep 2022 00:01:13 +0200
Subject: [PATCH] Remove overwrite for X-Frame-Options

* With current third-party-cookies being blocked by modern browsers, CodeOcean won't work in an iFrame anyway.
---
 app/controllers/application_controller.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e401697..a08e780a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
 after_action :verify_authorized, except: %i[welcome]
 around_action :mnemosyne_trace
 around_action :switch_locale
- before_action :set_sentry_context, :allow_iframe_requests, :load_embed_options
+ before_action :set_sentry_context, :load_embed_options
 protect_from_forgery(with: :exception, prepend: true)
 rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
 rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error
@@ -96,10 +96,6 @@ class ApplicationController < ActionController::Base
 # Show root page
 end

- def allow_iframe_requests
- response.headers.delete('X-Frame-Options')
- end
-
 def load_embed_options
 @embed_options = if session[:embed_options].present? && session[:embed_options].is_a?(Hash)
 session[:embed_options].symbolize_keys
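Review bot: With `:allow_iframe_requests` dropped from the `before_action` list, clickjacking protection now depends entirely on whatever `X-Frame-Options` value the framework or application configuration emits by default, and nothing in this patch pins that value. Rails normally sends `SAMEORIGIN`, but the configuration is not visible here, so a request spec asserting it would guard against regressions, e.g. `expect(response.headers['X-Frame-Options']).to eq('SAMEORIGIN')`. Declaring `policy.frame_ancestors :self` in the content security policy initializer would state the same intent through the directive that supersedes the header in current browsers. `load_embed_options` still runs on every request although the description says embedding no longer works, so a short comment on that callback explaining what it is kept for would help; the class body continues outside both hunks.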