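Using some code I found on jsfiddle, I am trying to load a modal iFrame from my Rails application. http://jsfiddle.net/f2Fcd/
I think it is being blocked by cross-site scripting. How can I get around this?
assets/javascripts/batch_details.js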
$('a.btn').on('click', function(e) {
    e.preventDefault();
    var url = $(this).attr('href');
    $(".modal-body").html('<iframe width="100%" height="100%" frameborder="0" scrolling="no" allowtransparency="true" src="'+url+'"></iframe>');
});
views/batch_details/show.html.erb
<a data-toggle="modal" class="btn" href="http://www.bing.com" data-target="#myModal">click me</a>
<div class="modal hide fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Modal header</h3>
    </div>
    <div class="modal-body">
    </div>
</div>
Error message in the JavaScript console
XMLHttpRequest cannot load http://www.bing.com/. Origin http://0.0.0.0:3000 is not allowed by Access-Control-Allow-Origin.
Edit
Thanks to @amb110395 for the comment. No luck so far.
Added to batch_details_controller
before_filter :cors_preflight_check
after_filter :cors_set_access_control_headers

# For all responses in this controller, return the CORS access control headers.
def cors_set_access_control_headers
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
  headers['Access-Control-Max-Age'] = "1728000"
end

# If this is a preflight OPTIONS request, then short-circuit the
# request, return only the necessary headers and return an empty
# text/plain.
def cors_preflight_check
  if request.method == :options
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version'
    headers['Access-Control-Max-Age'] = '1728000'
    render :text => '', :content_type => 'text/plain'
  end
end
I have posted the request that was sent (I also changed the site):
Request URL:http://genome.ucsc.edu/cgi-bin/hgTracks?db=hg19&position=chr12:56360553-56366568
Request Headers
Accept:text/html, */*; q=0.01
Origin:http://0.0.0.0:3000
Referer:http://0.0.0.0:3000/batches/273/batch_details/7150
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Query String Parameters
db:hg19
position:chr12:56360553-56366568
Same error:
XMLHttpRequest cannot load http://genome.ucsc.edu/cgi-bin/hgTracks?db=hg19&position=chr12:56360553-56366568. Origin http://0.0.0.0:3000 is not allowed by Access-Control-Allow-Origin.
Edit 2
Purely out of frustration, I also tried commenting out protect_from_forgery, but that didn't work and makes me think it may be something else. Any ideas?
class ApplicationController < ActionController::Base
  #protect_from_forgery
  ....
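
As an added example (not part of the original post): a simplified JavaScript model of the check behind the console error above. It shows that the browser reads Access-Control-Allow-Origin from the server that answers the request, so headers set in batch_details_controller are not consulted for a request to genome.ucsc.edu. The function names and header maps are constructed for illustration.

```javascript
// Simplified model of the browser's CORS read check for a simple GET.
// All function names are hypothetical; header maps are constructed samples.
const PAGE_ORIGIN = 'http://0.0.0.0:3000';
const TARGET_URL =
  'http://genome.ucsc.edu/cgi-bin/hgTracks?db=hg19&position=chr12:56360553-56366568';

// Constructed: headers each server is assumed to send, keyed by origin.
const SERVERS = {
  // The Rails app after adding cors_set_access_control_headers.
  'http://0.0.0.0:3000': { 'Access-Control-Allow-Origin': '*' },
  // The remote site: no CORS headers, consistent with the console error.
  'http://genome.ucsc.edu': { 'Content-Type': 'text/html' },
};

function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Returns { allowed, reason } for script on pageOrigin reading requestUrl.
function corsCheck(pageOrigin, requestUrl, servers, withCredentials = false) {
  const target = new URL(requestUrl).origin;
  if (target === pageOrigin) return { allowed: true, reason: 'same-origin' };
  // Only the responding server's headers are consulted, never the page's own.
  const h = lowerCaseKeys(servers[target] || {});
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) return { allowed: false, reason: 'no ACAO from ' + target };
  if (acao === '*') {
    return withCredentials
      ? { allowed: false, reason: 'wildcard rejected for credentialed request' }
      : { allowed: true, reason: 'wildcard' };
  }
  if (acao !== pageOrigin) return { allowed: false, reason: 'ACAO does not match origin' };
  if (withCredentials && h['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'credentials not allowed' };
  }
  return { allowed: true, reason: 'origin match' };
}

console.log(corsCheck(PAGE_ORIGIN, TARGET_URL, SERVERS));
// Same request if the remote server opted in (constructed variant):
const optedIn = {
  ...SERVERS,
  'http://genome.ucsc.edu': { 'Access-Control-Allow-Origin': PAGE_ORIGIN },
};
console.log(corsCheck(PAGE_ORIGIN, TARGET_URL, optedIn));
```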