diff --git a/app/controllers/active_storage/disk_controller_decorator.rb b/app/controllers/active_storage/disk_controller_decorator.rb
index 14366a15..0634a2ec 100644
--- a/app/controllers/active_storage/disk_controller_decorator.rb
+++ b/app/controllers/active_storage/disk_controller_decorator.rb
@@ -6,6 +6,16 @@ module ActiveStorage
     extend ActiveSupport::Concern
 
     included do
+      alias_method :original_show, :show
+
+      # Permitir incrustar archivos subidos (especialmente PDFs) desde
+      # otros sitios.
+      def show
+        original_show.tap do |s|
+          response.headers.delete 'X-Frame-Options'
+        end
+      end
+
       # Asociar el archivo subido al sitio correspondiente.  Cada sitio
       # tiene su propio servicio de subida de archivos.
       def update
diff --git a/app/models/metadata_template.rb b/app/models/metadata_template.rb
index e210fd2c..97a631c1 100644
--- a/app/models/metadata_template.rb
+++ b/app/models/metadata_template.rb
@@ -198,7 +198,7 @@ MetadataTemplate = Struct.new(:site, :document, :name, :label, :type,
 
   def allowed_attributes
     @allowed_attributes ||= %w[style href src alt controls data-align data-multimedia data-multimedia-inner id
-                               name rel target referrerpolicy].freeze
+                               name rel target referrerpolicy class].freeze
   end
 
   def allowed_tags
diff --git a/app/models/site.rb b/app/models/site.rb
index 4de54a0e..81e387d1 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -496,7 +496,7 @@ class Site < ApplicationRecord
     config.theme = design.gem unless design.no_theme?
     config.description = description
     config.title = title
-    config.url = url
+    config.url = url(slash: false)
     config.hostname = hostname
   end