Skip to content

Option to embed Pact Broker in an iframe (overwrite X-Frame-Options) #401

Answered by bethesque
astrod0m asked this question in Q&A
Discussion options

You must be logged in to vote

Yes, that header is explicitly there to stop you doing exactly what you're doing ;) It's added by the Rack Protection gem here https://github.com/pact-foundation/pact_broker/blob/master/lib/pact_broker/app.rb#L175

There are a couple of options.

  • If you are hosting your broker behind a reverse proxy like ngnix, you could overwrite/delete that header in the response. I'll be honest, this is my preferred option because it means I don't have to do any work!
  • The underlying Ruby application, as you can see in the link above, has an option to disable Rack protection altogether, however, that would leave the application quite vulnerable, and I do not recommend this. There would also be work to ex…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@astrod0m
Comment options

Answer selected by astrod0m
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants