From d16b7e1f15e9c7abe3db986850f5e60ff186c271 Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Mon, 5 Jan 2015 17:10:29 +0000
Subject: Don't set 'same origin' policy for widget iframes.

Whilst this is a good security precaution in general, we want people to
display these widgets in iframes on other sites.
---
 app/controllers/widgets_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers/widgets_controller.rb')

diff --git a/app/controllers/widgets_controller.rb b/app/controllers/widgets_controller.rb
index 017d3a77f..a529e591b 100644
--- a/app/controllers/widgets_controller.rb
+++ b/app/controllers/widgets_controller.rb
@@ -9,6 +9,7 @@ require 'securerandom'
 class WidgetsController < ApplicationController
 
     before_filter :check_widget_config, :find_info_request
+    skip_before_filter :set_x_frame_options_header, :only => [:show]
 
     def show
         medium_cache
-- 
cgit v1.2.3