Need to turn off x-frame-options.

[Kareem]

Hello!

I'm running resourcespace under a masked goddaddy subdomain (which places the website within an iframe). As a result, ResourceSpace is blocking it under it's X-Frame-Options XSS setting. 

How do I turn this off?

Errata:
You're probably wondering why it's in an iFrame. GoDaddy manages masked subdomains by placing the masked site within an iframe. unfortunately, I can't move the parent domain off GoDaddy because the same domain is using GoDaddy for mail and office services. 

[Hans-Eric Jaeger]

Kareem,

         I'm not sure if this is exactly your issue, but do you have access to the apache config files? If so you can set the apache directive "Header always append X-Frame-Options: ALLOW-FROM *" . The star is simply a wildcard character that can (and probably should) be replaced with a domain name as well. Please keep in mind that if you allow x-frame from all then you are softening the security of your website. Mostly by allowing the possibility of your site to be "Clickjacked". Meaning that someone else can take your site and place it inside of an iframe on their domain and place fake linkes on top of the iframe.  

Here is a bit more information on preventing clickjacking - https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Another link to more information about "X-Frame-Options" - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options