如何让 Sinatra 避免添加 X-Frame-Options 标头? [英] How do I get Sinatra to refrain from adding the X-Frame-Options header?
问题描述
我正在使用 Sinatra 返回一些 IFRAME 内容,并且我想允许跨域 src.不幸的是,Sinatra 会自动将 X-Frame-Options 标头添加到我的响应中.我如何关闭它?
I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my response. How do I turn that off?
推荐答案
Sinatra 使用 Rack::Protection,特别是 frame_options
选项,用于设置 X-Frame-Options
标头.
Sinatra uses Rack::Protection, in particular the frame_options
option, which is what is setting the X-Frame-Options
header.
您可以配置使用哪些保护.Sinatra 默认情况下会打开其中的大部分(有些仅在您还使用会话时才启用,而 Rack::Protection 本身默认不会启用某些).
You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).
要防止发送 X-Frame-Options
标头,您需要像这样禁用 frame_options
:
To prevent sending the X-Frame-Options
header you need to disable frame_options
like this:
set :protection, :except => :frame_options
这篇关于如何让 Sinatra 避免添加 X-Frame-Options 标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!