Update: 2026-05-04 20:12:58

2026-05-04 20:12:58 +03:00
parent 8d499716ce
commit 3249a227d6
2 changed files with 2 additions and 2 deletions
--- a/app/bootstrap/init.php
+++ b/app/bootstrap/init.php
@@ -57,7 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {

 // 5. Security Headers
 header("X-Content-Type-Options: nosniff");
-header("X-Frame-Options: DENY");
+header("X-Frame-Options: SAMEORIGIN");
 header("X-XSS-Protection: 1; mode=block");
 header("Referrer-Policy: strict-origin-when-cross-origin");
 header("Strict-Transport-Security: max-age=31536000; includeSubDomains"); // I1 Fix: HSTS