From da394f463453dcb9bb5799f9f1263590b0b6bdac Mon Sep 17 00:00:00 2001
From: Kevin Pham <keevan.pham@gmail.com>
Date: Wed, 18 Aug 2021 17:02:54 +1000
Subject: [PATCH] Fix checks to match with core handling for allowframeemedding

lib/weblib.php:2285 states that it only passes the 'X-Frame-Options: sameorigin' setting if embedding is disabled AND if the user is not loading the page from the app.
---
 classes/output/mobile.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/output/mobile.php b/classes/output/mobile.php
index 3a8f91f1..4e59f002 100644
--- a/classes/output/mobile.php
+++ b/classes/output/mobile.php
@@ -27,7 +27,7 @@ public static function mobile_course_view($args) {
         global $DB, $CFG, $OUTPUT, $USER;
 
         $cmid = $args['cmid'];
-        if (!$CFG->allowframembedding) {
+        if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
             $context = \context_system::instance();
             if (has_capability('moodle/site:config', $context)) {
                 $template = 'mod_hvp/iframe_embedding_disabled';