Dear future anon finding this thread.
Please note that changing any source code files is connected with possible dangers and issues that you will be alone with.
Changing X-Frame options of Zammad is a very dangerous operation.
While the settings may seem a bit too paranoid, they were chosen that way for very good reasons: Your security.
@TomGem Package is not an option, since I am running other web services behind a reverse proxy. Will try directly mounting the file into the docker container. The general idea came to mind, but I was tired after an all nighter this morning so decided to first post the question. Will report back, whether it worked as expected or whether I run into any issues…
@MrGeneration Could you elaborate on potential dangers in general and specifially when allowing access from a authentication protected route of a webapp that is only reachable through VPN?
Adjusting X-Frame options is always a potential danger.
It’s not directly pinned to your situation but a general warning to our dear copy cats out there.
Adjust X-Frame headers may cause possible cross site issues that could be introduced or similar.