From d16b7e1f15e9c7abe3db986850f5e60ff186c271 Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Mon, 5 Jan 2015 17:10:29 +0000
Subject: Don't set 'same origin' policy for widget iframes.

Whilst this is a good security precaution in general, we want people to
display these widgets in iframes on other sites.
---
 spec/controllers/widgets_controller_spec.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'spec/controllers/widgets_controller_spec.rb')

diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb
index 28f6c1904..80c2d2f26 100644
--- a/spec/controllers/widgets_controller_spec.rb
+++ b/spec/controllers/widgets_controller_spec.rb
@@ -32,6 +32,11 @@ describe WidgetsController do
             assigns[:status].should == @info_request.calculate_status
         end
 
+        it 'should not send an x-frame-options header' do
+            get :show, :request_id => @info_request.id
+            response.headers["X-Frame-Options"].should be_nil
+        end
+
         context 'for a non-logged-in user' do
 
             context 'if no widget-vote cookie is set' do
-- 
cgit v1.2.3