From 7c01b22159836243c4dd5f00faf0d0d0ce693dd1 Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Mon, 27 Feb 2017 09:12:30 -0600
Subject: [PATCH] allow iframe
---
 app/controllers/application_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2d6b04dea..43b6f0688 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,10 +1,10 @@ class ApplicationController < ActionController::Base - # Prevent CSRF attacks by raising an exception. - # For APIs, you may want to use :null_session instead. protect_from_forgery with: :null_session after_action :set_csrf_cookie + after_action :allow_iframe + layout :false def frontend
@@ -13,8 +13,13 @@ class ApplicationController < ActionController::Base rescue_from ActionView::MissingTemplate do |exception| end + protected + def allow_iframe + response.headers.except! 'X-Frame-Options' + end + def set_app_domain @appDomain = request.domain @appDomain << ':' + request.port.to_s unless request.port.blank?
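Review bot: `after_action :allow_iframe` in the first hunk is registered on `ApplicationController` with no `only:` or `if:`, so the `allow_iframe` method added in the second hunk strips `X-Frame-Options` from every response of every controller that inherits from it. Rails normally sends `SAMEORIGIN` there, so after this change any origin can frame any page of the app and the default clickjacking protection is gone. If `frontend` is the only action that has to be embeddable, scope the filter with `after_action :allow_iframe, only: :frontend`. Instead of dropping the header outright, consider replacing it with an allowlist such as `response.headers['Content-Security-Policy'] = "frame-ancestors 'self' https://embedder.example"` (placeholder origin), and add a one-line comment on `allow_iframe` naming the embedder that needs it. The class body continues past the end of the second hunk, so any filter further down that already restricts framing is not visible here.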