X-Frame-Options error on Iframe Option [Self Hosted]

I am trying to use the Iframe option on self hosted Invoice Ninja, but it seems invoice ninja is not creating the correct headers (even though I have put the main website’s invoice URL in the right field).

Here is the error message (xyz.com is not the real domain):
Refused to display ‘https://billing.xyz.com/client/sessionexpired’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.
billing.xyz.com/client/sessionexpired Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE

Here are the headers sent by InvoiceNinja:
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:500
Content-Type:text/html; charset=UTF-8
Date:Wed, 10 May 2017 17:55:04 GMT
Keep-Alive:timeout=5, max=100
Location:https://billing.xyz.com/client/sessionexpired
Server:Apache/2.4.10
Set-Cookie:XSRF-TOKEN=111%3D; expires=Thu, 11-May-2017 01:55:04 GMT; Max-Age=28800; path=/
Set-Cookie:222%3D; expires=Thu, 11-May-2017 01:55:04 GMT; Max-Age=28800; path=/; httponly
X-Frame-Options:sameorigin

Maybe it’s related to the web server configuration.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Invoice Ninja should be able to set this header to the respnse because it knows the full URL of iFrame page.
http://php.net/manual/en/function.header.php

I will try to manually add this header in Apache configuration for the meantime.

Thanks for the suggestion, we’ll look into it.