Add option to enable/disable iframe inclusion http header

app/Controller/Base.php

@@ -153,7 +153,7 @@ abstract class Base
         $this->response->xss();
 
         // Allow the public board iframe inclusion
-        if ($action !== 'readonly') {
+        if (ENABLE_XFRAME && $action !== 'readonly') {
             $this->response->xframe();
         }
 

app/constants.php

@@ -68,6 +68,9 @@ defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/s
 // Enable or disable "Strict-Transport-Security" HTTP header
 defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
 
+// Enable or disable "X-Frame-Options: DENY" HTTP header
+defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', true);
+
 // Default files directory
 defined('FILES_DIR') or define('FILES_DIR', 'data/files/');
 

config.default.php

@@ -124,3 +124,6 @@ define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
 
 // Enable or disable "Strict-Transport-Security" HTTP header
 define('ENABLE_HSTS', true);
+
+// Enable or disable "X-Frame-Options: DENY" HTTP header
+define('ENABLE_XFRAME', true);