Go to Qiita Advent Calendar 2024 Top
LoginSignup
11
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@keisuke_kimura(Keisuke Kimura)

Railsでiframeの表示を許可したい

Posted at

Railsでiframeで呼ばれるwidgetを作っていたのですが、Railsアプリにはデフォルトで以下のオプションが付いてます。


X-Frame-Options SAMEORIGIN

X-Frame-Optionsとはなんぞや?という方はこちら。
https://developer.mozilla.org/ja/docs/Web/HTTP/X-Frame-Options

この設定のままだと、自身のドメインからしかiframeを表示できないので、application_controllerで以下の記述を入れていきます。

すべてのURLから許可する場合

response.headers['X-Frame-Options'] = 'ALLOWALL'

特定のURLからのみ許可する場合

response.headers['X-Frame-Options'] = 'ALLOW-FROM http://example.com'
11
4
1

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
11
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?