From fcf150f70421f3f6d26f19cf06c5334e2ee57d61 Mon Sep 17 00:00:00 2001
From: Eduard Gert
Date: Fri, 6 Sep 2024 15:39:08 +0200
Subject: [PATCH] Use X-Frame-Options sameorigin header (#2547)
---
 infrastructure_files/getting-started-with-zitadel.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infrastructure_files/getting-started-with-zitadel.sh b/infrastructure_files/getting-started-with-zitadel.sh
index 5c33e2db6..1aae212ee 100644
--- a/infrastructure_files/getting-started-with-zitadel.sh
+++ b/infrastructure_files/getting-started-with-zitadel.sh
@@ -541,7 +541,7 @@ renderCaddyfile() {
 # clickjacking protection
 # https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-frame-options
- X-Frame-Options "DENY"
+ X-Frame-Options "SAMEORIGIN"
 # xss protection
 # https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
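Review bot: The comment above the changed `X-Frame-Options` line still reads only "clickjacking protection" and does not record why framing had to be re-allowed for the same origin, so a later reader cannot tell whether `SAMEORIGIN` is a requirement or an accident. With `SAMEORIGIN`, every page served from this host may embed every other one; if the dashboard and the identity provider's login UI share that origin (not visible in this hunk), the login pages lose the framing protection that `DENY` gave them against other content on the same host. I would add a line such as `# SAMEORIGIN: <reason same-origin framing is required>` and, because current browsers give CSP precedence over this header, consider pairing it with `Content-Security-Policy "frame-ancestors 'self'"` unless a CSP is already set elsewhere in the header block. The `renderCaddyfile()` body starts and ends outside this hunk.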