How do I get Sinatra to refrain from adding the X-Frame-Options header?

后端未结

关注

 6  1816

南旧 2020-12-08 04:55

I am using Sinatra to return some IFRAME contents, and I\'d like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my re

6条回答

轻奢々 (楼主)

2020-12-08 05:31
Actually, the solution given by @matt is still working with Sinatra v1.4.5.

Yes, Sinatra is using Rack::Protection and according to Configuring attack protection

you could either disable protection at all (which is not recommended):
```
disable :protection
```
or only disable frame_options:
```
set :protection, :except => :frame_options
```
Other than that, if your problem is not because of X-Frame-Options, it may be Access-Control-Allow-Origin, then what you have to do is to add below line to your route before the return statement:
```
response['Access-Control-Allow-Origin'] = 'http://www.example.com/'
```
0 讨论(0)

查看其它6个回答
发布评论:

提交评论
- 加载中...