V3.0.1, forms, please wait, X-Frame-Options response header

Your software
My Mautic version is: 3.0.1
My PHP version is: 7.3

Site URL: https//torontoheadshot.com
Mautic URL: https//marketing.torontoheadshot.com

My problem is: Form submission from WP plugin stuck at Please Wait

These errors are showing in the log:
Chrome console: Refused to display ‘https://marketing.torontoheadshot.com/form/submit?formId=1’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.

Steps I have tried to fix the problem:
I initially added “https://torontoheadshot.com” to the CORS Settings. Made no difference. I then disabled CORS completely and still get the error.

I have cleared out the Mautic cache as well as hosting cache and browser cache loading with devtools open.

The X-Frame-Options response header is being set on the Mautic side that is causing this error.

Filed BUG: https://github.com/mautic/mautic/issues/8988

TEST 1
I removed the shortcode form insert and inserted the form code by itself without the header script leaving the WP plugin installed. The form submitted and cleared itself but no sent confirmation was returned.


TEST 2
I added the script code with the WP plugin still installed and the form submitted but the please wait returned.


TEST 3
I removed the WP plugin and left the script tag on the form page. The form submitted did not clear itself and Please Wait remained.


TEST 4
Removed the plugin and the header script. The form submitted and cleared itself. No Please Wait was shown and no form confirmation was displayed

All tests we received by Mautic server and are shown in the results window for the form.

OK, further testing and server settings tests.

I run my websites on a Linode box managed bt Runcloud. Runcloud provides security settings by default. one of which is NGINX clickjacking protection. I’ve determined that this setting if turned on, causes this issue.

I’m not sure if this is something that Mautic can overcome with code.

2020-07-05 11_28_14-Window

This could still be considered a bug if it is possible to detect that this header is being added by the webserver the system requirements are not being met. Might help alleviate others headaches in determining why their forms are acting weird.