Cannot display my rails 4 app in iframe even if 'X-Frame-Options' is 'ALLOWALL'

ruby-on-rails responsive-design x-frame-options

I am trying to test a responsive design. I am using Rails 4. I know it sets 'X-Frame-Options' to SAME ORIGIN. So I overrided it in development.rb using

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'ALLOWALL'
  }

and it worked. I checked out the network request in the Chrome console and it is as follows:

enter image description here

But still websites like responsive.is and responsinator.com give me below error:

Refused to display 'http://localhost:3000/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. about:blank:1

Whats going on??


Try just to delete this header 'X-Frame-Options'. Maybe this way in controller:

before_filter :allow_iframe_requests
...
def allow_iframe_requests
  response.headers.delete('X-Frame-Options')
end

I had the same problem as you, and searched for a solution to this problem all night.

I finally found out why it happens. It's because of the Chrome cache.

You can see the header['X-Frame-Options'] is ALLOWALL but it doesn't work.

Just try to open a "New Incognito Window" and go the same page and it works!

This problem only happened in development mode in my test. It worked fine in production mode.

Related

parameterized test with cartesian product of arguments in pytest
FBSOpenApplicationErrorDomain Code=3
Java synchronized method
Laravel Model with Two Primary Keys update [duplicate]
how to change the opacity of the snackbar in flutter?
Better way of saying "in order to demonstrate this"
"In case" vs "if"?
Is there an expression similar to this Portuguese phrase?
Informal phrase for finally doing something pending - very specific
What is the word for fear of fear?
Is there a word or phrase for "running away from home to avoid an arranged marriage"
What does "alright" mean when it's at the end of a sentence?