remove x-frame-options

MediaBrowser.Model/Configuration/ServerConfiguration.cs

@@ -184,8 +184,6 @@ namespace MediaBrowser.Model.Configuration
         public bool EnableVideoArchiveFiles { get; set; }
         public int RemoteClientBitrateLimit { get; set; }
 
-        public bool DenyIFrameEmbedding { get; set; }
-
         public AutoOnOff EnableLibraryMonitor { get; set; }
 
         public int SharingExpirationDays { get; set; }
@@ -222,7 +220,6 @@ namespace MediaBrowser.Model.Configuration
             EnableAnonymousUsageReporting = true;
 
             EnableAutomaticRestart = true;
-            DenyIFrameEmbedding = true;
 
             EnableUPnP = true;
             SharingExpirationDays = 30;

MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs

@@ -106,7 +106,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
                 }
             });
 
-            HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger, () => _config.Configuration.DenyIFrameEmbedding).FilterResponse);
+            HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger).FilterResponse);
         }
 
         public override void OnAfterInit()

MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs

@@ -12,12 +12,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer
     {
         private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
         private readonly ILogger _logger;
-        private readonly Func<bool> _denyIframeEmbedding;
 
-        public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding)
+        public ResponseFilter(ILogger logger)
         {
             _logger = logger;
-            _denyIframeEmbedding = denyIframeEmbedding;
         }
 
         /// <summary>
@@ -31,11 +29,6 @@ namespace MediaBrowser.Server.Implementations.HttpServer
             // Try to prevent compatibility view
             res.AddHeader("X-UA-Compatible", "IE=Edge");
 
-            if (_denyIframeEmbedding())
-            {
-                res.AddHeader("X-Frame-Options", "SAMEORIGIN");
-            }
-
             var exception = dto as Exception;
 
             if (exception != null)