Disable config.x_frame_options

pull/1240/head
Rick Carlino 2019-06-19 12:45:46 -05:00
parent 334f8edf18
commit bb3d7fa81e
1 changed files with 4 additions and 5 deletions


@ -49,15 +49,14 @@ module FarmBot
SecureHeaders::Configuration.default do |config|
config.hsts = "max-age=#{1.week.to_i}"
# We need this off in dev mode otherwise email previews won't show up.
config.x_frame_options = "DENY" if Rails.env.production?
puts "Don't forget to uncomment this!!!"
# config.x_frame_options = "DENY" if Rails.env.production?
config.x_content_type_options = "nosniff"
config.x_xss_protection = "1; mode=block"
config.x_download_options = "noopen"
config.x_permitted_cross_domain_policies = "none"
config.referrer_policy = %w(
origin-when-cross-origin
strict-origin-when-cross-origin
)
config.referrer_policy =
%w(origin-when-cross-origin strict-origin-when-cross-origin)
connect_src = ALL_LOCAL_URIS + [
ENV["MQTT_HOST"],
"api.github.com",
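Review bot: Commenting out `config.x_frame_options = "DENY" if Rails.env.production?` drops the explicit DENY in production, and the only guard against shipping it that way is a `puts "Don't forget to uncomment this!!!"` at boot, which is easy to miss in logs. With the option unset, the header falls back to whatever the secure_headers gem defaults to (`sameorigin` in recent releases; confirm for the pinned version), so clickjacking protection is loosened without any visible marker, and no `frame_ancestors` directive appears in this hunk to compensate. If the relaxation is temporary, gate it on an explicit switch instead, e.g. `config.x_frame_options = "DENY" if Rails.env.production? && ENV["ALLOW_FRAMING_PLACEHOLDER"].nil?` (the variable name is a placeholder). The comment above it also needs updating, since it still says the setting is only off in dev mode. The `SecureHeaders::Configuration.default` block continues past the end of the hunk, so a later override cannot be ruled out from here.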