In OF-997, Admin was enhanced with clickjacking protection with X-Frame-Options header directive. This initially returned a value of "deny" but was updated to return "same".
This generates a console error in Chrome - the correct value is "sameorigin". Without this fix, Admin remains potentially vulnerable to clickjacking.