It looks like a few things have changed over the last few months and `headers["X-Frame-Options"] = "allowall"` does not seem to be working anymore with recent browsers.
I found this Stack Overflow article about the topic, https://stackoverflow.com/questions/67561924/ruby-on-rails-allow-embedding-of-your-website-in-other-sites-using-frame-ancesto, and it appears that the "new" way of doing it is by overloading a Content Security Policy.
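I ended up with the following `content_security_policy.rb` file:

```ruby
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src :self
    # Use the :self symbol: Rails emits strings verbatim, so the string
    # 'self' would be sent without the quotes the CSP keyword requires.
    # "*" allows any origin to frame the site.
    policy.frame_ancestors :self, "*"
  end
end
```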
You can also decide to not override the property on a case-by-case basis (controller level).
I still have one issue: making it work with nested routes.

```ruby
resources :events do
  resources :questions, shallow: true
end
```
The render template code in the example does not seem to be working as the URL is `events/:event_id/questions` :-( But I will get something working at some point. Cheers
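An added example, not part of the original post: a plain-Ruby check of what a `frame-ancestors` directive actually permits once the header is on the wire. The function names, the sample header strings and the host `partner.example` are constructed for illustration; the first sample is what a policy written with the string `'self'` instead of the symbol `:self` produces.

```ruby
# Added example (not from the original post): audit the frame-ancestors
# directive of a Content-Security-Policy header value.
KEYWORDS = %w[self none].freeze

# Parse "name v1 v2; name2 v3" into { "name" => ["v1", "v2"], ... }.
# Directive names are case-insensitive and only the first occurrence
# of a repeated directive counts.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, acc|
    name, *values = part.strip.split(/\s+/)
    next if name.nil?
    acc[name.downcase] ||= values
  end
end

# Return a list of findings (symbols) for the frame-ancestors directive.
def audit_frame_ancestors(header)
  sources = parse_csp(header)["frame-ancestors"]
  # frame-ancestors does not fall back to default-src, so a missing
  # directive means CSP places no restriction on framing.
  return [:missing] if sources.nil?

  findings = []
  findings << :any_origin if sources.include?("*")
  # Scheme-only sources such as "https:" match every host on that scheme.
  findings << :scheme_only if sources.any? { |s| s.match?(/\A[a-z][a-z0-9+.-]*:\z/i) }
  # self / none without single quotes are read as host names, not keywords.
  findings << :unquoted_keyword if sources.any? { |s| KEYWORDS.include?(s.downcase) }
  findings
end

# Constructed sample header values.
SAMPLES = {
  "open"         => "default-src 'self'; frame-ancestors self *",
  "allowlist"    => "default-src 'self'; frame-ancestors 'self' https://partner.example",
  "no_directive" => "default-src 'self'",
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, h| puts "#{label}: #{audit_frame_ancestors(h).inspect}" }
end
```

An empty findings list means the directive names only quoted keywords and explicit origins.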