I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my re
Another solution, and the one I ended up with in production, involves monkey-patching Rack::Protection::FrameOptions:
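# This monkeypatch is needed to ensure the X-Frame-Options header is
# never set by rack-protection.
require 'rack/protection' # makes sure Rack::Protection::Base is loaded

module Rack
  module Protection
    class FrameOptions < Base
      # Pass the response through untouched instead of adding the header.
      def call(env)
        status, headers, body = @app.call(env)
        [status, headers, body]
      end
    end
  end
end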
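
The monkeypatch above turns the header off for every response the app serves. As an added example (not part of the original answer or of rack-protection), the Rack middleware below removes X-Frame-Options only under one path prefix and names the permitted parent origins with a CSP `frame-ancestors` directive instead; `EmbedPolicy`, the `/embed` prefix and the partner origin are hypothetical.

```ruby
# Added example (not from the original answer). EmbedPolicy, the /embed
# prefix and the partner origin used with it are hypothetical names.
class EmbedPolicy
  # Accept only plain https origins, so a configured value can never
  # carry spaces, CR/LF or extra directives into the header.
  ORIGIN = %r{\Ahttps://[a-z0-9.-]+(:\d+)?\z}i

  def initialize(app, prefix:, allow:)
    bad = allow.reject { |o| o.match?(ORIGIN) }
    raise ArgumentError, "invalid origin(s): #{bad.inspect}" unless bad.empty?

    @app = app
    @prefix = prefix
    @directive = "frame-ancestors #{allow.join(' ')}"
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Every other path keeps whatever framing protection was already set.
    return [status, headers, body] unless embeddable?(env['PATH_INFO'].to_s)

    # Header names may arrive in any case depending on the Rack version.
    headers = headers.reject { |k, _| k.casecmp?('X-Frame-Options') }
    csp_key = headers.keys.find { |k| k.casecmp?('Content-Security-Policy') } ||
              'content-security-policy'
    headers[csp_key] = merge_csp(headers[csp_key])
    [status, headers, body]
  end

  private

  # Match the prefix on a path-segment boundary: /embed and /embed/x,
  # but not /embedded.
  def embeddable?(path)
    path == @prefix || path.start_with?("#{@prefix}/")
  end

  # Replace any existing frame-ancestors directive and keep the others.
  def merge_csp(existing)
    kept = existing.to_s.split(';').map(&:strip)
                   .reject { |d| d.empty? || d.match?(/\Aframe-ancestors(\s|\z)/i) }
    (kept + [@directive]).join('; ')
  end
end
```

The middleware has to sit outside rack-protection in the stack (for example, `use`d in `config.ru` ahead of `run`), so that it sees the header rack-protection adds.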