From 76e66ede043a21d5c511ff17cf25a8bd5d3d93c3 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 23 May 2023 14:27:17 +0200
Subject: [PATCH] Remove invalid X-Frame-Options: ALLOWALL (#25070)

---
 app/controllers/media_controller.rb    | 2 +-
 app/controllers/statuses_controller.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index ee82625a03e9f9..42e32ce2aee259 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -46,6 +46,6 @@ def check_playable
   end
 
   def allow_iframing
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')
   end
 end
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 9eb7ad691d4dc4..4cc3372dee288b 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -43,7 +43,7 @@ def embed
     return not_found if @status.hidden? || @status.reblog?
 
     expires_in 180, public: true
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
+    response.headers.delete('X-Frame-Options')
 
     render layout: 'embedded'
   end