Rails 使用iframe报错：IFRAME: Refused to display document because display forbidden by X-Frame-Options

第一步：在layout目录下的application.html.erb文件中添加：

<meta http-equiv="X-Frame-Options" content="GOFORIT">

例如：

<!DOCTYPE html><html><head>  <title>电子病历系统</title>  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>  <meta http-equiv="X-Frame-Options" content="GOFORIT">  <%= csrf_meta_tags %></head><body><%= yield %></body></html>

第二步:在controllers目录下的application_controller.rb添加：

 protect_from_forgery with: :exception  before_filter :add_xframe  def add_xframe    headers['X-Frame-Options'] = 'GOFORIT'  end

例如：

class ApplicationController < ActionController::Base  # Prevent CSRF attacks by raising an exception.  # For APIs, you may want to use :null_session instead.  protect_from_forgery with: :exception  before_filter :add_xframe  def add_xframe    headers['X-Frame-Options'] = 'GOFORIT'  endend

这样浏览器会报如下警告信息：

'Invalid 'X-Frame-Options' header encountered when loading....GOFORIT' is not a recognized directive. The header will be ignored.

即把‘GOFORIT’换成‘ALLOWALL’就ok了