Loading in an IFRAME - rubycas/rubycas-server GitHub Wiki

Some browser will by default block RubyCAS-Server from loading inside an IFRAME. This is because for security reasons RubyCAS-Server sends out an X-Frame-Options header that instructs the browser to prevent loading inside an IFRAME when loaded from a parent page on a different domain.

If you really want to to be able to load RubyCAS-Server pages inside an IFRAME, you'll have to explicitly remove this header. Under Apache this can be done by enabling the mod_headers module and adding this configuration line to your RubyCAS-Server vhost config:

# allow rubycas to be loaded in a frame
Header always unset X-Frame-Options