Eric Guo's blog.cloud-mes.com

Hoping writing JS, Ruby & Rails and Go article, but fallback to DevOps note

IE 11 Iframe Weird X-Frame-Options but Working Setting

Permalink

After research 1 hours, I answered in the SO

def cors_set_access_control_headers
headers["Access-Control-Allow-Origin"] = "*"
headers["Access-Control-Allow-Methods"] = "GET"
headers["Access-Control-Request-Method"] = "*"
headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept, Authorization"
headers["X-Frame-Options"] = "ALLOW-FROM http://172.16.1.159"
headers["X-XSS-Protection"] = "0"
end

Comments