inspect x-frames options method

babz007 · babz007 · commit 5fd4d3c03e89 · 2024-09-16T22:38:42.000-04:00
diff --git a/app/controllers/lti13/launches_controller.rb b/app/controllers/lti13/launches_controller.rb
@@ -335,10 +335,11 @@ def launch_params
 
   #TODO: 
   #same origin issue with X-frame-Options
-  #remove hardcoded canvas instance and set a dynamic CSP to allow iframe
-  
+  #remove hardcoded canvas instance and set a dynamic CSP to allow iframe  
   def allow_iframe
     response.headers.except! 'X-Frame-Options'
+    Rails.logger.info "Response headers after removing X-Frame-Options: #{response.headers.inspect}"
+    puts "Response headers after removing X-Frame-Options: #{response.headers.inspect}"
     response.headers['Content-Security-Policy'] = "frame-ancestors 'self' https://canvas.endeavour.cs.vt.edu"
   end
 end
