Project

General

Profile

Actions
Copy link

Defect #26132

closed

Redmine site cannot be displayed in an iframe

Added by CM Gui over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Administration
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
3.3.0

Description

We used to be able to display our Redmine site in an iframe. But after upgrading to 3.3.0 last September, we are unable to display our site in an iframe. We get this error from the browser: "To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."
Is there any way we can make our Redmine site display in an iframe again?
Thank you very much.

Actions
Copy link
 #1

Updated by Toshi MARUYAMA over 7 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid
Actions
Copy link
 #2

Updated by CM Gui over 7 years ago

  • Status changed from Closed to Reopened

Thank you Toshi for the very fast response, but we are using Thin and Nginx. There is no X-Frame-Options option in our nginx.conf, and so it must be Thin or Ruby Rails? We think the thin config file is /etc/default/thin but there is also no X-Frame-Options in it. So it must be Ruby Rails? Can you advise us where the config file for Ruby Rails is located so that we can remove the X-Frame-Options ? We are not familiar with Ruby at all. We googled for information but still cannot figure out how to configure Ruby to remove the X-Frame-Options. It is not in config/application.rb. Thank you once again.

[[http://techqa.info/programming/question/13929693/thin-web-server---x-frame-options-configuration]]

[[https://coderwall.com/p/2d0phq/rails-4-allow-your-site-to-be-iframed-by-another-site
]]

Actions
Copy link
 #3

Updated by Toshi MARUYAMA over 7 years ago

  • Status changed from Reopened to Closed

Please ask Thin or Nginx or Rails community.
Or you can modify this file.
source:tags/3.3.3/app/views/layouts/base.html.erb

Actions
Copy link
 #4

Updated by Toshi MARUYAMA over 7 years ago

Reference from https://coderwall.com/p/2d0phq/rails-4-allow-your-site-to-be-iframed-by-another-site

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'ALLOWALL'
}

You can use source:tags/3.3.3/config/additional_environment.rb.example

Actions
Copy link
 #5

Updated by CM Gui over 7 years ago

Works now! Thank you so much Toshi and have a nice weekend.

Adding the code from coderwall to config/additional_environment.rb.example did the trick.

Actions
Copy link

Also available in: Atom PDF