dev said 6 months ago on Creating Embedded Iframes :
good episode. thanks!

Minh Vu said 5 months ago on Creating Embedded Iframes :
what's the point of `turbo_frame_tag` here? do we have an episode for this?

David Kimura PRO said 5 months ago on Creating Embedded Iframes :
Using a turbo_frame_tag will allow us to make a request to the Rails server and replace the turbo_frame_tag with something else. In this case, we needed to create an input box with a value of the iframe element so it can be embedded. Since we're creating a token for the embedded link, we needed to get some response from the server with this new record's token.

You can do a search of episodes that reference turbo_frame_tags with code:turbo_frame_tag as the search params.

Stephane PAQUET PRO said 6 days ago on Creating Embedded Iframes :
It looks like a few things have changed over the last few months and `headers["X-Frame-Options"] = "allowall"` does not seem to be working anymore with recent browsers.

I found this Stackoverflow article about the topic and it appears that the "new" way of doing it is by overloading a Content Security Policy.

I ended up with the following content_security_policy.rb file
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src :self
    policy.frame_ancestors 'self', "*"

You can also decide to not override the property on a case by case (controller level).

I still have one issue: making it work with nested routes
  resources :events do
    resources :questions, shallow: true
the render template code in the example does not seem to be working as the URL is events/:event_id/questions :-(
But I will get something working at some point.

Login to Comment