当前位置: 首页 > 工具软件 > X-TRACK > 使用案例 >

Rails 使用iframe报错:IFRAME: Refused to display document because display forbidden by X-Frame-Options

狄冠宇
2023-12-01
第一步:在layout目录下的application.html.erb文件中添加:
<meta http-equiv="X-Frame-Options" content="GOFORIT">
例如:
<!DOCTYPE html>
<html>
<head>
  <title>电子病历系统</title>
  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <meta http-equiv="X-Frame-Options" content="GOFORIT">
  <%= csrf_meta_tags %>
</head>
<body>

<%= yield %>

</body>
</html>

第二步:在controllers目录下的application_controller.rb添加:

 protect_from_forgery with: :exception
  before_filter :add_xframe
  def add_xframe
    headers['X-Frame-Options'] = 'GOFORIT'
  end

例如:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :add_xframe
  def add_xframe
    headers['X-Frame-Options'] = 'GOFORIT'
  end
end

这样浏览器会报如下警告信息:

'Invalid 'X-Frame-Options' header encountered when loading....GOFORIT' is not a recognized directive. The header will be ignored.

即把‘GOFORIT’换成‘ALLOWALL’就ok了

 类似资料: