REFACTOR: do X-Frame-Options header removal in application controller.

Co-authored-by: Sam <sam.saffron@gmail.com>
Previous commit: f7084a4339

app/controllers/application_controller.rb

@@ -43,6 +43,7 @@ class ApplicationController < ActionController::Base
   after_action  :add_readonly_header
   after_action  :perform_refresh_session
   after_action  :dont_cache_page
+  after_action  :conditionally_allow_site_embedding
 
   layout :set_layout
 
@@ -87,6 +88,12 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def conditionally_allow_site_embedding
+    if SiteSetting.allow_embedding_site_in_an_iframe
+      response.headers.delete('X-Frame-Options')
+    end
+  end
+
   def set_layout
     case request.headers["Discourse-Render"]
     when "desktop"

config/initializers/011-rack-protection.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-require 'rack/protection'
-
-Rails.configuration.middleware.use Middleware::FrameOptions

lib/middleware/frame_options.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Middleware
-  class FrameOptions
-    def initialize(app, settings = {})
-      @app = app
-    end
-
-    def call(env)
-      status, headers, body = @app.call(env)
-      headers.except!('X-Frame-Options') if SiteSetting.allow_embedding_site_in_an_iframe
-      [status, headers, body]
-    end
-  end
-end