Stephane PAQUET PRO said over 1 year ago on Creating Embedded Iframes :
It looks like a few things have changed over the last few months and `headers["X-Frame-Options"] = "allowall"` does not seem to be working anymore with recent browsers.

I found this Stackoverflow article about the topic https://stackoverflow.com/questions/67561924/ruby-on-rails-allow-embedding-of-your-website-in-other-sites-using-frame-ancesto and it appears that the "new" way of doing it is by overloading a Content Security Policy.

I ended up with the following content_security_policy.rb file
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src :self
    policy.frame_ancestors 'self', "*"
  end
end

You can also decide to not override the property on a case by case (controller level).

I still have one issue: making it work with nested routes
  resources :events do
    resources :questions, shallow: true
  end
the render template code in the example does not seem to be working as the URL is events/:event_id/questions :-(
But I will get something working at some point.
Cheers