如何让Sinatra避免添加X-Frame-Options标头？ [英] How do I get Sinatra to refrain from adding the X-Frame-Options header?

问题描述

我正在使用Sinatra返回一些IFRAME内容，我想允许跨域src。不幸的是，Sinatra会自动在我的回复中添加一个X-Frame-Options标头。如何关闭它？

I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my response. How do I turn that off?

推荐答案

Sinatra使用 Rack :: Protection ，特别是 frame_options 选项，这是设置 X的原因-Frame-Options header。

Sinatra uses Rack::Protection, in particular the frame_options option, which is what is setting the X-Frame-Options header.

你可以配置使用哪种保护措施。默认情况下，Sinatra会将其中大部分打开，（有些只在你使用会话时启用，而Rack :: Protection本身默认不启用）。

You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).

要防止发送 X-Frame-Options 标题，您需要禁用 frame_options ，如下所示：

To prevent sending the X-Frame-Options header you need to disable frame_options like this:

set :protection, :except => :frame_options

这篇关于如何让Sinatra避免添加X-Frame-Options标头？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！