如何让Sinatra避免添加X-Frame-Options标头? [英] How do I get Sinatra to refrain from adding the X-Frame-Options header?
问题描述
我正在使用Sinatra返回一些IFRAME内容,我想允许跨域src。不幸的是,Sinatra会自动在我的回复中添加一个X-Frame-Options标头。如何关闭它?
I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my response. How do I turn that off?
推荐答案
Sinatra使用 Rack :: Protection ,特别是 frame_options
选项,这是设置 X的原因-Frame-Options
header。
Sinatra uses Rack::Protection, in particular the frame_options
option, which is what is setting the X-Frame-Options
header.
你可以配置使用哪种保护措施。默认情况下,Sinatra会将其中大部分打开,(有些只在你使用会话时启用,而Rack :: Protection本身默认不启用)。
You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).
要防止发送 X-Frame-Options
标题,您需要禁用 frame_options
,如下所示:
To prevent sending the X-Frame-Options
header you need to disable frame_options
like this:
set :protection, :except => :frame_options
这篇关于如何让Sinatra避免添加X-Frame-Options标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!