openstreetmap/copyright barred from loading in a frame

Tom Hughes tom at
Sat Feb 14 15:28:27 UTC 2015

On 14/02/15 15:23, Ian Dees wrote:

> Tom, I think the secret is that he wants you to click the
> "OpenStreetMap" link on that page. It's supposed to load inside the
> iframe but doesn't.

Yes, I understand that, but didn't see how it was going to help me.

> Chrome tells me:
> "Refused to display '' in a frame
> because it set 'X-Frame-Options' to 'SAMEORIGIN'."

Well if he had quoted that full error we wouldn't have had to round in 

> Sure enough, it looks like the X-Frame-Options header from the rails app
> is set to "SAMEORIGIN", which the browser apparently uses as a signal to
> prevent it from loading.

Right. I think that is a default that Rails sets.

There's probably no harm in relaxing that for the copyright page, if 
that's possible of course, at least so long as it doesn't open a way for 
the surrounding page to steal the cookie, but I think that is supposed 
to be impossible.

Whether we want to encourage something as evil as frames is another 
matter of course ;-)


Tom Hughes (tom at

More information about the rails-dev mailing list
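
One way to relax the header for a single page while keeping `SAMEORIGIN` everywhere else, as an added example that is not code from this thread or from the openstreetmap-website project. It is a plain-Ruby, Rack-style middleware; the class name `RelaxFrameOptions`, the `/copyright` path and the stand-in app are assumptions made for illustration.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems required).
# RelaxFrameOptions and the path allowlist are hypothetical names.
class RelaxFrameOptions
  HEADER = "x-frame-options"

  def initialize(app, frameable_paths:)
    @app = app
    @frameable_paths = frameable_paths
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Exact path match only: prefix or substring matching would widen the
    # exemption to pages that should stay protected against framing.
    if @frameable_paths.include?(env["PATH_INFO"])
      # Header names differ in case between framework versions, so compare
      # case-insensitively when dropping the framing restriction.
      headers = headers.reject { |name, _| name.to_s.downcase == HEADER }
    end
    [status, headers, body]
  end
end

# Constructed stand-in for the application: every response carries the
# SAMEORIGIN header, as described in the thread.
DEMO_APP = lambda do |env|
  headers = { "Content-Type" => "text/html", "X-Frame-Options" => "SAMEORIGIN" }
  [200, headers, ["page for #{env['PATH_INFO']}"]]
end

# Returns the X-Frame-Options value a client would receive for `path`,
# or nil when the header has been removed.
def frame_header_for(path)
  stack = RelaxFrameOptions.new(DEMO_APP, frameable_paths: ["/copyright"])
  _status, headers, _body = stack.call("PATH_INFO" => path)
  headers.find { |name, _| name.to_s.downcase == "x-frame-options" }&.last
end
```

Only the allowlisted page becomes frameable by other origins; pages that accept input or act on a logged-in session keep the header.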