htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove overwrite for X-Frame-Options

Browse Source 
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
This commit is contained in:
Sebastian Serth
2022-09-03 00:01:13 +02:00
parent 5b73f4df6f
commit b0130b8fae
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/application_controller.rb
View File

@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
after_action :verify_authorized, except: %i[welcome] after_action :verify_authorized, except: %i[welcome]
around_action :mnemosyne_trace around_action :mnemosyne_trace
around_action :switch_locale around_action :switch_locale
before_action :set_sentry_context, :allow_iframe_requests, :load_embed_options before_action :set_sentry_context, :load_embed_options
protect_from_forgery(with: :exception, prepend: true) protect_from_forgery(with: :exception, prepend: true)
rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error
@ -96,10 +96,6 @@ class ApplicationController < ActionController::Base
# Show root page # Show root page
end end
def allow_iframe_requests
response.headers.delete('X-Frame-Options')
end
def load_embed_options def load_embed_options
@embed_options = if session[:embed_options].present? && session[:embed_options].is_a?(Hash) @embed_options = if session[:embed_options].present? && session[:embed_options].is_a?(Hash)
session[:embed_options].symbolize_keys session[:embed_options].symbolize_keys