Skip to content

Commit

Permalink
Always allow iframe
Browse files Browse the repository at this point in the history
  • Loading branch information
adambutler committed Feb 3, 2015
1 parent f2184b8 commit 1f6d2fb
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
8 changes: 8 additions & 0 deletions app/controllers/application_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,12 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception

after_action :allow_iframe

private

def allow_iframe
response.headers.except! 'X-Frame-Options'
end
end
5 changes: 0 additions & 5 deletions app/controllers/questions_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ class QuestionsController < ApplicationController

before_filter :set_question, only: [:show, :results]
before_filter :check_secret_is_unique, only: [:create]
after_action :allow_iframe, only: [:show, :results]

def new
@question = Question.new
Expand Down Expand Up @@ -49,10 +48,6 @@ def question_params
params.require(:question).permit(:title, :secret)
end

def allow_iframe
response.headers.except! 'X-Frame-Options'
end

def check_secret_is_unique
if defined? params[:question][:secret]
if Question.where({secret: params[:question][:secret]}).exists?
Expand Down

0 comments on commit 1f6d2fb

Please sign in to comment.