I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my re
I think I found a good way to handle this but would welcome feedback.
The goal is to disable the X-Frame-Options just for one route to keep all the rack protection benefits:
app.get '/hello_world' do
  # An empty value is set here so rack-protection does not fill in its default.
  headers({ 'X-Frame-Options' => '' })
  "HELLO WORLD"
end
I believe this is a good option as it seems to prevent the rack protection from adding the SAMEORIGIN header on this one route.
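
A check that the opt-out stays limited to the one route, as an added example that is not part of the original post. `DefaultFrameOptions` is a simplified stand-in for rack-protection's frame-options middleware (assumed to fill in the header only when the app left it unset), and the `/account` route and the `frameable_paths` helper are hypothetical:

```ruby
# Simplified stand-in for rack-protection's frame-options middleware.
# Assumption: it only fills in X-Frame-Options when the app left it unset.
class DefaultFrameOptions
  def initialize(app, value = 'SAMEORIGIN')
    @app = app
    @value = value
  end

  def call(env)
    status, headers, body = @app.call(env)
    # '' is truthy in Ruby, so a route that set the header to '' keeps it.
    headers['X-Frame-Options'] ||= @value
    [status, headers, body]
  end
end

# Constructed routes: one opts out as in the answer, one is left untouched.
ROUTES = {
  '/hello_world' => { 'X-Frame-Options' => '' },
  '/account'     => {}
}.freeze

# Minimal app using the plain Rack calling convention (no gems required).
APP = lambda do |env|
  extra = ROUTES[env['PATH_INFO']]
  return [404, { 'Content-Type' => 'text/html' }, ['not found']] unless extra

  [200, { 'Content-Type' => 'text/html' }.merge(extra), ['HELLO WORLD']]
end

STACK = DefaultFrameOptions.new(APP)

# Returns the paths whose response does not restrict framing, so a test
# can assert that only the intended route appears in the list.
def frameable_paths(stack, paths)
  paths.select do |path|
    _status, headers, _body = stack.call('PATH_INFO' => path)
    !%w[DENY SAMEORIGIN].include?(headers['X-Frame-Options'].to_s.upcase)
  end
end

puts frameable_paths(STACK, ROUTES.keys).inspect
```

Run against the real application in a test suite, the same assertion catches a later change that makes a second route frameable by accident.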