We recently started leveraging the x-frame-options security settings on templates and set it to "sameorigin". We've noticed this works ok with partners iframing us on a different subdomain, except in rare circumstances where the apex page includes a modal that submits. When the submissions happens, we're getting the standard sameorigin violation error (presents differently per browser).
I was wondering if anyone had had this issue or had any suggestions on fixing it?