iFrame options

Gemfile.lock

@@ -148,8 +148,7 @@ GEM
     sdoc (0.4.2)
       json (~> 1.7, >= 1.7.7)
       rdoc (~> 4.0)
-    secure_headers (5.0.5)
+    secure_headers (6.0.0)
-      useragent (>= 0.15.0)
     sidekiq (5.1.3)
       concurrent-ruby (~> 1.0)
       connection_pool (~> 2.2, >= 2.2.0)
@@ -175,7 +174,6 @@ GEM
       thread_safe (~> 0.1)
     uglifier (4.1.10)
       execjs (>= 0.3.0, < 3)
-    useragent (0.16.10)
     web-console (3.5.1)
       actionview (>= 5.0)
       activemodel (>= 5.0)

config/application.rb

@@ -40,14 +40,14 @@ module Neeto
     end
 
     config.action_dispatch.default_headers = {
-        'X-Frame-Options' => 'ALLOWALL'
+      'X-Frame-Options' => 'ALLOWALL'
     }
 
     SecureHeaders::Configuration.default do |config|
+      config.x_frame_options = "ALLOWALL"
       config.csp = {
         # "meta" values. these will shape the header, but the values are not included in the header.
          preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.
-
          # directive values: these values will directly translate into source directives
          default_src: %w(https: 'self'),
          base_uri: %w('self'),