X-Frame-Options header in Admin returns an invalid value
In OF-997, Admin was enhanced with clickjacking protection with X-Frame-Options header directive. This initially returned a value of "deny" but was updated to return "same".
This generates a console error in Chrome - the correct value is "sameorigin". Without this fix, Admin remains potentially vulnerable to clickjacking.
Trivial fix is here:
Work around: Add SAMEORIGIN to the adminConsole.frame-options property