From 5002f9bbcecda691f82e72918f992fca10a58b01 Mon Sep 17 00:00:00 2001
From: Niklas Kiefer
Date: Tue, 11 Apr 2017 12:19:41 +0200
Subject: [PATCH] allow iframe requests
---
 app/controllers/application_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 617bab02..dfc25ca9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
 MEMBER_ACTIONS = [:destroy, :edit, :show, :update]
 after_action :verify_authorized, except: [:help, :welcome]
- before_action :set_locale
+ before_action :set_locale, :allow_iframe_requests
 protect_from_forgery(with: :exception)
 rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
@@ -29,4 +29,8 @@ class ApplicationController < ActionController::Base
 def welcome
 end
+
+ def allow_iframe_requests
+ response.headers.delete('X-Frame-Options')
+ end
 end
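Review bot: Registering `:allow_iframe_requests` in the `before_action` line of ApplicationController applies it to every action of every controller that inherits from this class, so the edit, update and destroy pages named in MEMBER_ACTIONS lose their framing protection along with whichever view actually needs to be embedded. That removes the clickjacking defence for authenticated, state-changing pages. If only some views are meant to be embedded (which ones is not visible in this hunk), declare the callback in those controllers with an `only:` list, for example `before_action :allow_iframe_requests, only: [:show]`, and keep the framework default everywhere else. The class body continues outside the hunk.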
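Review bot: `allow_iframe_requests` deletes X-Frame-Options without putting any other framing restriction in its place, so the response can be framed by any origin rather than only by the intended embedder. Pairing the delete with an allow-list keeps the protection for everyone else, for example `response.headers['Content-Security-Policy'] = "frame-ancestors 'self' https://EMBEDDER-ORIGIN.example"` (placeholder origin), merged with any CSP the app already sends. The method is also added directly after the `welcome` action with no `private` visible in the hunk, which would make it a public controller method and potentially routable; it belongs under `private`. A one-line comment naming which site embeds the app and why would help the next reviewer judge whether the exemption is still needed.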