Marten should provide a way to automatically set the X-Frame-Options header through the use of a dedicated middleware. It should also be possible to explicitly disable this protection on a per-view basis.
To do
[x] Add a new Marten::Middleware::XFrameOptions middleware implementation: this middleware should set the X-Frame-Options header if it wasn't already set in the response
[x] Add a new Marten.settings.x_frame_options setting allowing to customize the header value (it should default to DENY)
[x] Add the ability to disable the X-Frame-Options protection on a per-view basis
Description
Marten should provide a way to automatically set the
X-Frame-Optionsheader through the use of a dedicated middleware. It should also be possible to explicitly disable this protection on a per-view basis.To do
Marten::Middleware::XFrameOptionsmiddleware implementation: this middleware should set theX-Frame-Optionsheader if it wasn't already set in the responseMarten.settings.x_frame_optionssetting allowing to customize the header value (it should default toDENY)