search

aantix / turkee

Blurring the line between Mechanical Turk, Rails and usability testing..
http://github.com/aantix/turkee
MIT License
152 stars 39 forks source link

Rails 4 and X-Frame-Options defaults to same origin #22

Closed cheolhom closed 11 years ago

cheolhom commented 11 years ago

No pages were displays in iframe. The X-frame-option needs to be updated to allow-all or allow-from. A warning should be added.

aantix commented 11 years ago

Be sure that you specify an 'allowall' for the x-frame-option : 

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'ALLOWALL'
}