Ruby on rails 4 app does not work in iframe

How can I embed my rails app into another website via iframe?

It works nicely with RoR 3, but not with RoR 4:

<iframe src="http://myrailsapp.com/" width="100%" height="50" id="rails_iframe">error!</iframe> 

I tried to use verify_authenticity_token and protect_from_forgery options in my controller... seems it's something else (but I'm not sure).

upd. Example: http://jsfiddle.net/zP329/

Oleg Pasko asked May 15 '13 09:05

1 Answer

This has to do with Rails 4 enabling additional security protocols by default: http://weblog.rubyonrails.org/2013/2/25/Rails-4-0-beta1/

The setting that breaks iFrames on remote sites is X-Frame-Options. By default, this is set to SAMEORIGIN, which prevents the content from being loaded cross-domain:

config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'SAMEORIGIN'
}

You can read about the new default headers here: http://edgeguides.rubyonrails.org/security.html#default-headers

In order to allow the iFrame to work cross domain, you can change the default headers to allow X-Frame across domain.

config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'ALLOWALL'
}
jcypret answered Sep 24 '22 20:09
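
A narrower alternative to changing the header for the whole app, as an added example that is not part of the original answer: a small Rack middleware that keeps SAMEORIGIN everywhere except one embeddable path, where it sends a Content-Security-Policy frame-ancestors allowlist instead. The /widgets/ prefix and the https://partner.example origin are assumptions chosen for illustration.

```ruby
# Added example, not code from the original answer. The route prefix and the
# parent origin are assumed placeholder values.
class FramePolicy
  XFO = 'x-frame-options'.freeze
  CSP = 'content-security-policy'.freeze

  def initialize(app, embed_prefix: '/widgets/', parents: ['https://partner.example'])
    @app = app
    @embed_prefix = embed_prefix
    @parents = parents
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Header names are case-insensitive: normalise so only one policy survives.
    headers = headers.to_h { |k, v| [k.to_s.downcase, v] }
    headers.delete(XFO)

    if embeddable?(env['PATH_INFO'].to_s)
      # Keep the app's other CSP directives, replace any frame-ancestors.
      kept = headers[CSP].to_s.split(';').map(&:strip)
                         .reject { |d| d.empty? || d.downcase.start_with?('frame-ancestors') }
      headers[CSP] = (kept + ["frame-ancestors #{@parents.join(' ')}"]).join('; ')
    else
      headers[XFO] = 'SAMEORIGIN' # same value as the Rails 4 default
    end
    [status, headers, body]
  end

  private

  # Embeddable only under the prefix, and never via a dot-segment path.
  def embeddable?(path)
    path.start_with?(@embed_prefix) && !path.split('/').include?('..')
  end
end

# Constructed demo: an inner app that already sends the global ALLOWALL header.
def demo_headers(path)
  sent = { 'X-Frame-Options' => 'ALLOWALL',
           'Content-Security-Policy' => "default-src 'self'" }
  inner = ->(_env) { [200, sent, ['ok']] }
  FramePolicy.new(inner).call('PATH_INFO' => path)[1]
end

if __FILE__ == $PROGRAM_NAME
  ['/widgets/banner', '/account/settings'].each { |p| puts "#{p} => #{demo_headers(p)}" }
end
```

In a Rails app the class would be registered with config.middleware.use FramePolicy.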