Fix Rails oauth facebook x-frame-options sameorigin error

Front-end · Unresolved · 2 · 1373
礼貌的吻别 2021-02-10 02:49

I can't for the life of me get my Facebook canvas app to display. Chrome console displays this error and nothing shows up inside the iframe - it's blank:

Refus

2 answers
  •  梦如初夏
    2021-02-10 03:15

    I found this part of the edge guide, which explains Rails 4's default headers, to be useful:

    http://edgeguides.rubyonrails.org/security.html#default-headers

    Here is the main point, copied and pasted:

    Every HTTP response from your Rails application receives the following default security headers.

    config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' }

    You can configure default headers in config/application.rb.

    config.action_dispatch.default_headers = { 'Header-Name' => 'Header-Value', 'X-Frame-Options' => 'DENY' }

    Or you can remove them.

    config.action_dispatch.default_headers.clear
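An added example, not code from the answer above or from Rails itself: it models the default-headers behaviour the answer quotes in plain Ruby so the trade-off is visible. `config.action_dispatch.default_headers.clear` removes `nosniff` and the rest for every response, whereas relaxing only `X-Frame-Options`, only for the action that is meant to live in an iframe, keeps the other defaults intact. The merging model, the `frameable:` flag and the `https://embedder.example` / `https://app.example` origins are assumptions of this example, not anything the question or Rails defines.

```ruby
# Added example: a plain-Ruby model of how Rails applies
# config.action_dispatch.default_headers, plus a narrower fix than clearing
# every default. Nothing here is Rails code; the origins are constructed.

RAILS_DEFAULT_HEADERS = {
  'X-Frame-Options'        => 'SAMEORIGIN',
  'X-XSS-Protection'       => '1; mode=block',
  'X-Content-Type-Options' => 'nosniff'
}.freeze

# Builds the header set for one response: start from the app-wide defaults and
# only relax framing when the action is explicitly marked as frameable.
# allowed_embedder is the origin of the site hosting the iframe (a placeholder
# in the examples below, not a value taken from the question).
def headers_for(defaults, frameable: false, allowed_embedder: nil)
  headers = defaults.dup
  return headers unless frameable

  # X-Frame-Options only knows DENY and SAMEORIGIN (ALLOW-FROM is obsolete), so
  # it cannot allow-list a third-party embedder. Drop it for this response only
  # and state the permitted embedder with CSP frame-ancestors, which can.
  headers.delete('X-Frame-Options')
  if allowed_embedder
    headers['Content-Security-Policy'] = "frame-ancestors 'self' #{allowed_embedder}"
  end
  headers
end

# Browser-side view of the result: may a page served with these headers from
# page_origin be framed by a document at embedder_origin? CSP frame-ancestors
# takes precedence over X-Frame-Options when both are present.
def framing_allowed?(headers, page_origin, embedder_origin)
  csp = headers['Content-Security-Policy'].to_s
  if (directive = csp[/frame-ancestors ([^;]+)/, 1])
    sources = directive.split
    return true if sources.include?('*')
    return true if sources.include?("'self'") && page_origin == embedder_origin
    return sources.include?(embedder_origin)
  end

  case headers['X-Frame-Options']
  when 'DENY'       then false
  when 'SAMEORIGIN' then page_origin == embedder_origin
  else true # no framing restriction at all
  end
end

if __FILE__ == $PROGRAM_NAME
  app    = 'https://app.example'      # constructed sample origins
  canvas = 'https://embedder.example'
  # Default headers: the canvas host may not frame the app, hence the blank iframe.
  puts framing_allowed?(headers_for(RAILS_DEFAULT_HEADERS), app, canvas)
  # Relaxed for this one action: the named embedder may frame it, nosniff is kept.
  relaxed = headers_for(RAILS_DEFAULT_HEADERS, frameable: true, allowed_embedder: canvas)
  puts framing_allowed?(relaxed, app, canvas)
  puts relaxed['X-Content-Type-Options']
end
```

In a real Rails app the per-action equivalent is to delete or override the header in the embedded controller's action (for example with `response.headers.delete('X-Frame-Options')` in a `before_action`) rather than clearing all defaults in `config/application.rb`; the model above keeps the merge logic explicit so the difference between the two approaches can be checked directly.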
