From c6b0970e74280f0bb4f4f036ff4136b98b8fc349 Mon Sep 17 00:00:00 2001
From: alanacorreya <156165463+alanacorreya@users.noreply.github.com>
Date: Tue, 11 Nov 2025 13:39:05 +0530
Subject: [PATCH 1/2] Update AbstractController.java EO-63775 : removed iframe config
---
 .../java/com/structurizr/lite/web/AbstractController.java | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/main/java/com/structurizr/lite/web/AbstractController.java b/src/main/java/com/structurizr/lite/web/AbstractController.java
index eae4179..e998cf0 100644
--- a/src/main/java/com/structurizr/lite/web/AbstractController.java
+++ b/src/main/java/com/structurizr/lite/web/AbstractController.java
@@ -38,10 +38,6 @@ protected void addSecurityHeaders(HttpServletResponse response, ModelMap model)
 response.addHeader(CONTENT_SECURITY_POLICY_HEADER, String.format("script-src 'self' 'nonce-%s'", nonce));
 }
- @ModelAttribute
- protected void addXFrameOptionsHeader(HttpServletRequest request, HttpServletResponse response) {
- response.addHeader("X-Frame-Options", "deny");
- }
 protected void addCommonAttributes(ModelMap model, String pageTitle, boolean showHeaderAndFooter) {
 model.addAttribute("timeZone", TimeZone.getDefault().getID());
@@ -81,4 +77,4 @@ public void setWorkspaceComponent(WorkspaceComponent workspaceComponent) {
 this.workspaceComponent = workspaceComponent;
 }
-}
\ No newline at end of file
+}
From fd08c633defadef7bd9b81ad8f81ce681b1d513a Mon Sep 17 00:00:00 2001
From: alanacorreya <156165463+alanacorreya@users.noreply.github.com>
Date: Tue, 11 Nov 2025 13:40:43 +0530
Subject: [PATCH 2/2] EO-63775 : Update EmbedController.java
---
 .../java/com/structurizr/lite/web/EmbedController.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/main/java/com/structurizr/lite/web/EmbedController.java b/src/main/java/com/structurizr/lite/web/EmbedController.java
index 65c873f..fd0d7f9 100644
--- a/src/main/java/com/structurizr/lite/web/EmbedController.java
+++ b/src/main/java/com/structurizr/lite/web/EmbedController.java
@@ -9,16 +9,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 @Controller
 public class EmbedController extends AbstractController {
- @Override
- protected void addXFrameOptionsHeader(HttpServletRequest request, HttpServletResponse response) {
- // do nothing ... this page is supposed to be iframe'd
- }
 @RequestMapping(value = "/embed", method = RequestMethod.GET)
 public String embedFromParent(@RequestParam(required = false, defaultValue = "0") long workspace,
@@ -73,4 +67,4 @@ public String embedFromParent(@RequestParam(required = false, defaultValue = "0"
 }
 }
-}
\ No newline at end of file
+}
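Review bot: No controller in this series sends an anti-framing header any more: the `/embed` override is deleted here and the base `addXFrameOptionsHeader` is deleted in AbstractController.java (patch 1/2), while the only policy still visible in `addSecurityHeaders` is `script-src 'self' 'nonce-%s'`, which has no `frame-ancestors`. Unless a filter or proxy outside this diff adds one, every page served through AbstractController can now be framed by any origin, not just the embed page that the removed comment says is supposed to be iframe'd, which is the clickjacking exposure the old `deny` default prevented. If EO-63775 is about embedding from a known host, keep the default restriction and scope the relaxation instead, e.g. `String.format("script-src 'self' 'nonce-%s'; frame-ancestors 'self'", nonce)` for ordinary pages and a configured allowlist of parent origins for `/embed` only. The body of `addSecurityHeaders` and the rest of `EmbedController` lie outside the hunks, so any header set elsewhere in them is not visible here.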