From 5125bb16ef6c4edb29012a790bc6dbe6dc9e8416 Mon Sep 17 00:00:00 2001
From: Lars Eggert
Date: Mon, 14 Mar 2022 18:42:20 +0200
Subject: [PATCH] fix: X-Frame-Options can only be DENY or SAMEORIGIN these days (#3634)
---
 ietf/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ietf/settings.py b/ietf/settings.py
index 60170e0ec..f138ed59e 100644
--- a/ietf/settings.py
+++ b/ietf/settings.py
@@ -326,7 +326,7 @@ UTILS_LOGGER_LEVELS: Dict[str, str] = {
 # ------------------------------------------------------------------------
-X_FRAME_OPTIONS = 'ALLOW-FROM ietf.org *.ietf.org meetecho.com *.meetecho.com gather.town *.gather.town'
+X_FRAME_OPTIONS = 'SAMEORIGIN'
 CSRF_TRUSTED_ORIGINS = ['ietf.org', '*.ietf.org', 'meetecho.com', '*.meetecho.com', 'gather.town', '*.gather.town', ]
 CSRF_COOKIE_SAMESITE = 'None'
 CSRF_COOKIE_SECURE = True
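Review bot: The new `X_FRAME_OPTIONS = 'SAMEORIGIN'` drops the framing allowlist the old value tried to express (other ietf.org hosts, meetecho.com, gather.town) without putting anything in its place, and SAMEORIGIN is origin-exact, so it refuses framing even from other `*.ietf.org` subdomains. Browsers that ignored the unsupported multi-origin `ALLOW-FROM` value were presumably applying no framing restriction at all, so this line both turns clickjacking protection on and may break embeds that worked before. The neighbouring `CSRF_TRUSTED_ORIGINS` and `CSRF_COOKIE_SAMESITE = 'None'` lines suggest those third-party sites are still expected to embed or post to the application; if so, the allowlist belongs in a Content-Security-Policy `frame-ancestors` directive, which does accept multiple sources. Either way a comment would record the decision, e.g. `# ALLOW-FROM is obsolete; cross-origin framing (if needed) must be granted via CSP frame-ancestors, not here.`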