IE 11 Iframe Weird X-Frame-Options but Working Setting

Jul 24th, 2019 • Permalink

After research 1 hours, I answered in the SO

def cors_set_access_control_headers
  headers["Access-Control-Allow-Origin"] = "*"
  headers["Access-Control-Allow-Methods"] = "GET"
  headers["Access-Control-Request-Method"] = "*"
  headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept, Authorization"
  headers["X-Frame-Options"] = "ALLOW-FROM http://172.16.1.159"
  headers["X-XSS-Protection"] = "0"
end

Comments