diff options
author | Jim Jones <jjones@aantix.com> | 2012-08-18 15:29:58 -0700 |
---|---|---|
committer | Jim Jones <jjones@aantix.com> | 2012-08-18 15:29:58 -0700 |
commit | 4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch) | |
tree | c287546075524fa619e965de5ca315fd654ebf7e /actionpack/lib/action_dispatch | |
parent | db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff) | |
download | rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2 rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip |
Added X-Content-Type-Options to the header defaults.
With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/railtie.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb index 0dcf1fc4fe..5aad8dd23a 100644 --- a/actionpack/lib/action_dispatch/railtie.rb +++ b/actionpack/lib/action_dispatch/railtie.rb @@ -21,7 +21,8 @@ module ActionDispatch config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', - 'X-XSS-Protection' => '1; mode=block' + 'X-XSS-Protection' => '1; mode=block', + 'X-Content-Type-Options' => 'nosniff' } initializer "action_dispatch.configure" do |app| |