Merge pull request #4858 from Matt-Yorkley/3-0-embedded

[Spree 2.1] Fix embedded response headers
2026-01-24 20:36:49 +00:00 · 2020-02-28 11:12:16 +00:00
parent 1d0392e644 7124c6bb73
commit 95415cddbd
1 changed files with 2 additions and 1 deletions
--- a/app/services/embedded_page_service.rb
+++ b/app/services/embedded_page_service.rb
@@ -49,7 +49,8 @@ class EmbeddedPageService
  end

  def set_response_headers
-    @response.headers.delete 'X-Frame-Options'
+    @response.headers.except! 'X-Frame-Options'
+    @response.default_headers.except! 'X-Frame-Options'
    @response.headers['Content-Security-Policy'] = "frame-ancestors 'self' #{@embedding_domain}"
  end