I need to remove the X-Frame-Options header

There was some discussion about this in the past and the answer was that we’re working on a way for you to remove a header, and then it was implied that it was in the next version. But I’ll be darned if I can figure out how to clear this header. I have an app that specifically needs to be able to be embedded into a cross-domain iFrame but currently cannot make that work because the X-Frame-Origin is set to SAMEORIGIN.

I tried catching the hit in app.HandleURL, using the webRequest.header and setting the entry for X-Frame-Origin to an empty string and then returning false so the regular handling of the request would continue. That didn’t work. I experimented with the session.prepareSession but there is nothing in the header string being passed there at all and my adding anything to it doesn’t seem to do anything.

How can I turn off that header?

http://documentation.xojo.com/index.php/WebApplication.Security

Wonderful! I’m sure I looked at that webApplication.security page but I guess not. Thank you.