Recently, I noticed that my hosted pages can no longer be loaded inside an iframe on my local environment or system. The browser console displays the following error message:
"Refused to display 'https://sfosdemo.bitbucket.io/' in a frame because it set 'X-Frame-Options' to 'deny'."
It appears that the server response headers for bitbucket.io have been updated to enforce X-Frame-Options: DENY globally.
Could you please confirm if this is a recent global security update on the bitbucket.io infrastructure?
Also, is there any configuration that allows users to override this header or allow a specific domain (origin) to display the page in an iframe? For example, by using a custom configuration file or setting a specific Content-Security-Policy (CSP)?
Thank you for your assistance.
