We should deprecate X-Frame-Options ALLOW-FROM directive. It is not longer supported by most browsers. Users should migrate to using Content-Security-Policy frame-ancestors instead.
We should deprecate X-Frame-Options ALLOW-FROM directive. It is not longer supported by most browsers. Users should migrate to using Content-Security-Policy frame-ancestors instead.