Can't override X-Frame-Options header #2362

Open
dawidkulpa opened this issue Mar 9, 2025 · 1 comment

Versions

  • Pi-hole: v6.0.5
  • AdminLTE: v6.0.2
  • FTL: v6.0.4

Platform

  • OS and version: Debian Bullseye
  • Platform: Orange Pi Zero 2W

Expected behavior

After setting X-Frame-Options header in Settings -> All settings -> Webserver -> webserver.headers, requests should be getting the desired value in responses.

Actual behavior / bug

Whatever value I set it to, I always receive x-frame-options: SAMEORIGIN in responses.

Additional context

Setting other headers seems to be working - I tried clearing everything else and leaving only frame options, and in fact the other headers were removed.

@yubiuser yubiuser transferred this issue from pi-hole/web Mar 9, 2025

DL6ER commented Mar 10, 2025

Where are you looking?

It seems to work as expected for me:

Default setting

curl -sI http://pi.hole/admin/login | grep Frame
X-Frame-Options: DENY

After changing it to something else in pihole.toml, this works as well:

curl -sI http://pi.hole/admin/login | grep Frame
X-Frame-Options: ALLOW-FROM abc.com

What seems suspicious to me is that you are quoting the header key all lowercase, however, FTL sends them like in my two examples. Can it be that you have some reverse proxy (or similar) in between which is messing with the headers?

@DL6ER DL6ER added Bug:Discourse Bug reported on Discourse forum No bug Unclear and removed Bug:Discourse Bug reported on Discourse forum labels Mar 10, 2025
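
One way to test the reverse-proxy question raised in the comment above, as an added example that is not part of the thread or of Pi-hole's code: it compares X-Frame-Options in a header dump taken directly from the web server with one taken through the address the browser uses. Both dumps and the `example-proxy` server name are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: header dumps are constructed samples, not captures from the issue.
CR=$(printf '\r')   # curl -I keeps the CR of each CRLF line ending
DIRECT_SAMPLE="HTTP/1.1 200 OK${CR}
X-Frame-Options: DENY${CR}
Content-Type: text/html${CR}"
PROXIED_SAMPLE="HTTP/2 200${CR}
server: example-proxy${CR}
x-frame-options: SAMEORIGIN${CR}"

# Print every value of header $1 found in the dump on stdin.
# Names are matched case-insensitively (a case-sensitive "grep Frame"
# would miss "x-frame-options"); trailing CR and padding are stripped.
header_values() {
    awk -v want="$1" '
        {
            sub(/\r$/, "")
            i = index($0, ":")
            if (i == 0) next                      # status line or blank
            if (tolower(substr($0, 1, i - 1)) != tolower(want)) next
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
        }'
}

# $1 = header name, $2 = dump taken directly from the web server,
# $3 = dump taken through the URL the browser uses.
# Prints: absent | stripped | added | duplicated | same | rewritten
compare_header() {
    direct=$(printf '%s\n' "$2" | header_values "$1")
    proxied=$(printf '%s\n' "$3" | header_values "$1")
    count=$(printf '%s\n' "$proxied" | awk 'NF { n++ } END { print n + 0 }')
    if [ -z "$direct" ] && [ -z "$proxied" ]; then echo absent
    elif [ -z "$proxied" ]; then echo stripped
    elif [ "$count" -gt 1 ]; then echo duplicated
    elif [ -z "$direct" ]; then echo added
    elif [ "$direct" = "$proxied" ]; then echo same
    else echo rewritten
    fi
}

# Live use (both URLs are placeholders for your own setup):
#   compare_header X-Frame-Options \
#       "$(curl -sI http://<pi-hole-ip>/admin/login)" \
#       "$(curl -sI https://<proxied-name>/admin/login)"
compare_header X-Frame-Options "$DIRECT_SAMPLE" "$PROXIED_SAMPLE"
```

A `rewritten`, `duplicated` or `stripped` verdict means the value changed somewhere between the web server and the client, so the setting in `webserver.headers` is not what decides the framing policy the browser sees.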