Allow mattermost inside an iframe, in a controlled way
This pull request introduced a security measure to protect against clicjacking attacks: https://github.com/mattermost/platform/pull/253
But it also prevents some legitimate uses of iframes. For example, Nextcloud has a "external sites" function to run any app as if it was a Nextcloud app, by putting it in an iframe inside Nextcloud (https://docs.nextcloud.com/server/9/admin_manual/configuration_server/external_sites.html).
This way it would allow legitimate uses, while still protecting against clickjacking attacks.
Which file did you change from DENY to ALLOW-FROM.
I cant find head.html or even context.go.
Jim Whitescarver commented
We need this to run mattermost in our portals for diglife.com across mattermost instances.