How do I allow my app to be loaded in an iframe by a couple of sites?
I am developing a Rails application that clients can embed on their sites using iframes. I am looking for a way to allow only my clients to embed the app. I am familiar with the X-Frame-Options header, i.e.:
response.headers["X-Frame-Options"] = "ALLOW-FROM http://www.example.com"
(from "X-Frame-Options ALLOW-FROM a specific site allows from all")
Is there a way to allow a number of sites?
OK, Octopus-Paul put me on the right track. I resolved this with the following code in application.rb:
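# request is only available while a request is being handled, so this is
# written as a controller before_action rather than a static default_headers hash.
before_action :set_frame_options

def set_frame_options
  referer = request.headers['Referer']
  site = 'http://www.example.com'
  # Allow framing when the Referer starts with the client site, else same-origin only.
  if referer =~ Regexp.new("\\A#{site}")
    response.headers['X-Frame-Options'] = 'ALLOWALL'
  else
    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
  end
end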
Now I just need to scan a list of allowed sites using this code, and I'm done, I guess.
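The allow-list step mentioned above, as an added example that is not code from the original post: it compares the Referer's full parsed origin against the list (a prefix match also accepts look-alike hosts) and builds a Content-Security-Policy frame-ancestors header, which accepts several origins and is enforced by the browser without relying on the Referer. The origins and helper names are constructed placeholders.

```ruby
require 'uri'

# Constructed allow-list of client origins (placeholders, not from the post).
ALLOWED_ORIGINS = ['http://www.example.com', 'https://partner.example.org'].freeze

# Reduce a URL to scheme://host[:port]; nil if it is not a usable http(s) URL.
def origin_of(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  origin = "#{uri.scheme.downcase}://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  origin
rescue URI::InvalidURIError
  nil
end

# The prefix test from the post: anchored at the start of the Referer only.
def prefix_match?(referer, site)
  !!(referer =~ Regexp.new("\\A#{site}"))
end

# Stricter test: the whole origin must be an exact member of the allow-list.
def origin_allowed?(referer, allowed = ALLOWED_ORIGINS)
  allowed.include?(origin_of(referer))
end

# Header listing every permitted embedding origin; no Referer check required.
def frame_headers(allowed = ALLOWED_ORIGINS)
  { 'Content-Security-Policy' => "frame-ancestors #{allowed.join(' ')}" }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample Referer values, including a look-alike host and a missing header.
  lookalike = 'http://www.example.com.lookalike.test/page'
  ['http://www.example.com/embed?x=1', lookalike, nil].each do |ref|
    puts "#{ref.inspect}: prefix=#{prefix_match?(ref.to_s, ALLOWED_ORIGINS.first)} " \
         "exact=#{origin_allowed?(ref)}"
  end
  puts frame_headers
end
```

In a Rails controller the hash returned by frame_headers would be merged into response.headers; the Referer comparison is then only a server-side convenience, since the header can be absent or set by any client.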