How do I get Sinatra to refrain from adding the X-Frame-Options header?

Question

I am using Sinatra to return some IFRAME contents, and I\'d like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my re

Answer 1

Sinatra uses Rack::Protection, in particular the frame_options option, which is what is setting the X-Frame-Options header.

You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).

To prevent sending the X-Frame-Options header you need to disable frame_options like this:

set :protection, :except => :frame_options