如何让 Sinatra 避免添加 X-Frame-Options 标头? [英] How do I get Sinatra to refrain from adding the X-Frame-Options header?

问题描述

我正在使用 Sinatra 返回一些 IFRAME 内容，并且我想允许跨域 src.不幸的是，Sinatra 会自动将 X-Frame-Options 标头添加到我的响应中.我如何关闭它?

I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my response. How do I turn that off?

推荐答案

Sinatra 使用 Rack::Protection，特别是 frame_options 选项，用于设置 X-Frame-Options 标头.

Sinatra uses Rack::Protection, in particular the frame_options option, which is what is setting the X-Frame-Options header.

您可以配置使用哪些保护.Sinatra 默认情况下会打开其中的大部分(有些仅在您还使用会话时才启用，而 Rack::Protection 本身默认不会启用某些).

You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).

要防止发送 X-Frame-Options 标头，您需要像这样禁用 frame_options:

To prevent sending the X-Frame-Options header you need to disable frame_options like this:

set :protection, :except => :frame_options

这篇关于如何让 Sinatra 避免添加 X-Frame-Options 标头?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！