Cannot display my rails 4 app in iframe even if 'X-Frame-Options' is 'ALLOWALL'

ruby-on-rails responsive-design x-frame-options
Steve Robinson picture Steve Robinson · Jul 9, 2013 · Viewed 62.4k times · Source

I am trying to test a responsive design. I am using Rails 4. I know it sets 'X-Frame-Options' to SAME ORIGIN. So I overrided it in development.rb using

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'ALLOWALL'
  }

and it worked. I checked out the network request in the Chrome console and it is as follows:

enter image description here

But still websites like responsive.is and responsinator.com give me below error:

Refused to display 'http://localhost:3000/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. about:blank:1

Whats going on??

Answer

Timrael picture Timrael · Jul 25, 2013

Try just to delete this header 'X-Frame-Options'. Maybe this way in controller:

before_filter :allow_iframe_requests
...
def allow_iframe_requests
  response.headers.delete('X-Frame-Options')
end

Related questions

Twitter Bootstrap & rails - center content and fix min width

In my html the content should be centered on screen and his width should never be greater then 950px. Since I want this same html to show on mobile and desktop I am using twitter bootstrap to make the layout …

Read More
Getting error: Peer authentication failed for user "postgres", when trying to get pgsql working with rails

I'm getting the error: FATAL: Peer authentication failed for user "postgres" when I try to make postgres work with Rails. Here's my pg_hba.conf, my database.yml, and a dump of the full trace. I changed authentication to md5 …

Read More
How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More