Ruby on rails 4 应用程序在 iframe 中不起作用 [英] Ruby on rails 4 app does not work in iframe

问题描述

如何通过 iframe 将我的 rails 应用程序嵌入到另一个网站?

How can I embed my rails app into another website via iframe?

它适用于 RoR 3，但不适用于 RoR 4:

It works nicely with RoR 3, but not with RoR 4:

<iframe src="http://myrailsapp.com/" width="100%" height="50" id="rails_iframe">error!</iframe>

我尝试在我的控制器中使用 verify_authenticity_token 和 protect_from_forgery 选项......似乎是别的东西(但我不确定).

I tried to use verify_authenticity_token and protect_from_forgery options in my controller... seems it's something else (but I'm not sure).

更新.例子:http://jsfiddle.net/zP329/

推荐答案

这与 Rails 4 默认启用附加安全协议有关:http://weblog.rubyonrails.org/2013/2/25/Rails-4-0-beta1/

This has to do with Rails 4 enabling additional security protocols by default: http://weblog.rubyonrails.org/2013/2/25/Rails-4-0-beta1/

在远程站点上破坏 iFrame 的设置是 X-Frame-Options.默认情况下，它设置为 SAMEORIGIN，以防止内容跨域加载:

The setting that breaks iFrames on remote sites is X-Frame-Options. By default, this is set to SAMEORIGIN, which prevents the content from being loading cross domain:

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'SAMEORIGIN'
}

您可以在此处阅读有关新的默认标头的信息:http://edgeguides.rubyonrails.org/security.html#default-headers

You can read about the new default headers here: http://edgeguides.rubyonrails.org/security.html#default-headers

为了允许 iFrame 跨域工作，您可以更改默认标头以允许 X-Frame 跨域.

In order to allow the iFrame to work cross domain, you can change the default headers to allow X-Frame across domain.

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'ALLOWALL'
}

这篇关于Ruby on rails 4 应用程序在 iframe 中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！