author: Santiago Pastorino <santiago@wyeworks.com> 2012-08-10 13:19:06 -0300
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-08-10 13:19:09 -0300
commit: 0b11dbe2fe6d640d0cbaec9a2d2886fb384a8c5b
tree: c8052dee7cd135297f1ed5e1c16f1fc478e9f725
parent: 5a0372f7dbfb092f84146985ed5b545fb45a5009
Add 'X-Frame-Options' => 'SAMEORIGIN' and 'X-XSS-Protection' => '1; mode=block' CHANGELOG entry
-rw-r--r-- actionpack/CHANGELOG.md 6
1 files changed, 6 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index fd8b38054e..880263ce87 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,5 +1,11 @@
## Rails 4.0.0 (unreleased) ##
+* Add 'X-Frame-Options' => 'SAMEORIGIN' and
+ 'X-XSS-Protection' => '1; mode=block'
+ as default headers.
+
+ *Egor Homakov*
+
* Allow data attributes to be set as a first-level option for form_for, so you can write `form_for @record, data: { behavior: 'autosave' }` instead of `form_for @record, html: { data: { behavior: 'autosave' } }` *DHH*
* Deprecate `button_to_function` and `link_to_function` helpers.
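Review bot: The added entry under the Rails 4.0.0 heading names the two new default headers but does not say how an application changes or removes them, and 'X-Frame-Options' => 'SAMEORIGIN' will stop pages from rendering inside frames on other origins, which is a behaviour change for apps that are embedded deliberately. Suggest adding one sentence that points to the setting where these defaults live and how to override them per application. As a style point, the neighbouring entries wrap code in backticks (`form_for`, `button_to_function`), while the header names and values here are left as bare single-quoted strings; backticks would keep the file consistent and make the exact header values easier to copy.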