I have a Rails 4 application that loads an iframe in one of the views. I'm testing my app on staging using Safari (it works on Chrome and Firefox) and I'm experiencing an X-Frame-Options rejection error. Inside of my developer tools in Safari, when I load the iframe view I am receiving:

Refused to display 'https://demo.docusign.net/Signing/(X(1)S(xxxxx))/SessionTimeout.aspx?fi=xxxx' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I don't receive this error in Firefox or Chrome.
My rails code is as follows:
```ruby
# application.rb
config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'ALLOWALL'
}

# application_controller.rb
def allow_iframe
  response.headers.delete('X-Frame-Options')
end

# iframe controller
after_filter :allow_iframe, only: [:show, :signing_response]
```

Any guidance on this issue would be appreciated.