Set X_FRAME_OPTIONS Django setting to an allowed value

## Expected Behavior

No JS error related to the `X-Frame-Options` header should occur.

## Actual Behavior

The `X-Frame-Options` header value is set to `ALLOW`, which is not allowed (for reference, see https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/X-Frame-Options), leading to the following Require.js dynamic loading error:

```
Error: Dynamic load not allowed: common/templates/components/system-feedback.underscore base.js:83:8563
```

## Steps to Reproduce

1. Go to the Studio (CMS) course details view
2. The following error message should appear in the browser console:

```
Invalid X-Frame-Options: “ALLOW” header from “https://cms.staging.foo.fr/settings/details/course-v1:Musicality+CS101+2019_T4” loaded into “https://cms.staging.foo.fr/course/course-v1:Musicality+CS101+2019_T4”.
```

## Specifications

- Version: at least `dogwood.3-fun-1.3.4` (I think all releases and flavors are impacted)
- Platform: Firefox 71 (Ubuntu GNU/Linux)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Set X_FRAME_OPTIONS Django setting to an allowed value #157

Expected Behavior

Actual Behavior

Steps to Reproduce

Specifications

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Set X_FRAME_OPTIONS Django setting to an allowed value #157

Description

Expected Behavior

Actual Behavior

Steps to Reproduce

Specifications

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions