Rails 4 added a default X-Frame-Options HTTP header value of SAMEORIGIN. This is good for security, because browsers use this header to decide whether or not your site can be iframed by other sites.
However, sometimes you do want a particular action to be embeddable in another site. If you know the site which embeds the action, you can simply change the header to explicitly allow it.
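The per-action header change described above, as an added example that is not code from the original page: a Rack-style middleware in plain Ruby that keeps SAMEORIGIN everywhere except one embeddable path. `FramePolicy`, `EMBED_PATH`, `PARTNER_ORIGIN` and the sample app are assumptions; the block also sets CSP `frame-ancestors`, because current browsers ignore the obsolete `ALLOW-FROM` form of X-Frame-Options.

```ruby
# Added example, plain Ruby (no gems). EMBED_PATH and PARTNER_ORIGIN are
# hypothetical values standing in for the embeddable action and the known site.
class FramePolicy
  EMBED_PATH     = "/widgets/embed"
  PARTNER_ORIGIN = "https://partner.example"

  def initialize(app)
    @app = app
  end

  # Rack-style call: adjust framing headers only for the one embeddable path.
  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    if env["PATH_INFO"] == EMBED_PATH
      # Legacy header form; browsers without ALLOW-FROM support ignore it.
      headers["X-Frame-Options"] = "ALLOW-FROM #{PARTNER_ORIGIN}"
      # frame-ancestors is the directive current browsers enforce.
      headers["Content-Security-Policy"] =
        with_frame_ancestors(headers["Content-Security-Policy"], PARTNER_ORIGIN)
    else
      # Every other response keeps the Rails 4 default.
      headers["X-Frame-Options"] = "SAMEORIGIN"
    end
    [status, headers, body]
  end

  private

  # Replace any existing frame-ancestors directive, keep the rest of the policy.
  def with_frame_ancestors(csp, origin)
    kept = csp.to_s.split(";").map(&:strip)
              .reject { |d| d.empty? || d.start_with?("frame-ancestors") }
    (kept << "frame-ancestors #{origin}").join("; ")
  end
end

# Constructed downstream app that answers with the Rails 4 default header.
SAMPLE_APP = lambda do |_env|
  [200, { "X-Frame-Options" => "SAMEORIGIN",
          "Content-Security-Policy" => "default-src 'self'; frame-ancestors 'self'" }, ["ok"]]
end

# Returns the response headers the middleware produces for a request path.
def frame_headers_for(path)
  FramePolicy.new(SAMPLE_APP).call("PATH_INFO" => path)[1]
end
```

Checking both headers on the embeddable path and on one ordinary path confirms the exception stays scoped to a single action and a single origin.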