From 7b9c6459e3f74b2c8eeffc0c41c3dd8d5002c1e4 Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Fri, 19 Feb 2016 09:23:39 +0800
Subject: [PATCH] allow embedding

---
 app/controllers/application_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74d56340..fb29d7f3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
 
   before_filter :get_invite_link
+  after_action :allow_embedding
   
   # this is for global login
   include ContentHelper
@@ -69,4 +70,11 @@ private
     safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : '//metamaps.cc/'
     @invite_link = "#{safe_uri}join" + (current_user ? "?code=#{current_user.code}" : "")
   end
+
+  def allow_embedding
+    #allow all
+    response.headers.except! 'X-Frame-Options'
+    # or allow a whitelist
+    # response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
+  end
 end