diff options
| author | Louise Crow <louise.crow@gmail.com> | 2015-01-05 17:10:29 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2015-04-27 16:54:59 +0100 |
| commit | d16b7e1f15e9c7abe3db986850f5e60ff186c271 (patch) | |
| tree | 3a9c04c3f39080a6c729764ba5bef6ed60eec84b /app/controllers/widgets_controller.rb | |
| parent | b849d9b7d0fd68d9bc72a4dd0725f2fbb2d6aa86 (diff) | |
Don't set 'same origin' policy for widget iframes.
Whilst this is a good security precaution in general, we want people to
display these widgets in iframes on other sites.
Diffstat (limited to 'app/controllers/widgets_controller.rb')
| -rw-r--r-- | app/controllers/widgets_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/widgets_controller.rb b/app/controllers/widgets_controller.rb index 017d3a77f..a529e591b 100644 --- a/app/controllers/widgets_controller.rb +++ b/app/controllers/widgets_controller.rb @@ -9,6 +9,7 @@ require 'securerandom' class WidgetsController < ApplicationController before_filter :check_widget_config, :find_info_request + skip_before_filter :set_x_frame_options_header, :only => [:show] def show medium_cache |