rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow to be iframed

Browse Source
This commit is contained in:
Mo Bitar
2018-02-16 08:22:43 -06:00
parent 1e718f88d0
commit f260476269
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/application_controller.rb
View File

@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :null_session protect_from_forgery with: :null_session
after_action :set_csrf_cookie after_action :set_csrf_cookie
after_filter :allow_iframe after_action :allow_iframe
layout :false layout :false

6
config/application.rb
View File

@@ -39,6 +39,10 @@ module Neeto
end end
end end
config.action_dispatch.default_headers = {
'X-Frame-Options' => 'ALLOWALL'
}
SecureHeaders::Configuration.default do |config| SecureHeaders::Configuration.default do |config|
config.csp = { config.csp = {
# "meta" values. these will shape the header, but the values are not included in the header. # "meta" values. these will shape the header, but the values are not included in the header.
@@ -52,7 +56,7 @@ module Neeto
connect_src: ["*"], connect_src: ["*"],
font_src: %w(* 'self'), font_src: %w(* 'self'),
form_action: %w('self'), form_action: %w('self'),
frame_ancestors: ["*"], frame_ancestors: ["*", "*.standardnotes.org"],
img_src: %w('self' * data:), img_src: %w('self' * data:),
manifest_src: %w('self'), manifest_src: %w('self'),
media_src: %w('self'), media_src: %w('self'),