good episode. thanks!

what's the point of `turbo_frame_tag` here? do we have an episode for this?

Using a turbo_frame_tag will allow us to make a request to the Rails server and replace the turbo_frame_tag with something else. In this case, we needed to create an input box with a value of the iframe element so it can be embedded. Since we're creating a token for the embedded link, we needed to get some response from the server with this new record's token.

You can do a search of episodes that reference turbo_frame_tags with code:turbo_frame_tag as the search params. https://www.driftingruby.com/episodes?query%5Bname%5D=code%3Aturbo_frame_tag

It looks like a few things have changed over the last few months and `headers["X-Frame-Options"] = "allowall"` does not seem to be working anymore with recent browsers.

I found this Stackoverflow article about the topic https://stackoverflow.com/questions/67561924/ruby-on-rails-allow-embedding-of-your-website-in-other-sites-using-frame-ancesto and it appears that the "new" way of doing it is by overloading a Content Security Policy.

I ended up with the following content_security_policy.rb file

You can also decide to not override the property on a case by case (controller level).

I still have one issue: making it work with nested routes

the render template code in the example does not seem to be working as the URL is events/:event_id/questions :-(
But I will get something working at some point.
Cheers