Added X-Content-Type-Options to the header defaults.

With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
author: Jim Jones <jjones@aantix.com> 2012-08-18 15:29:58 -0700
committer: Jim Jones <jjones@aantix.com> 2012-08-18 15:29:58 -0700
commit: 4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch)
tree: c287546075524fa619e965de5ca315fd654ebf7e /actionpack/lib/action_dispatch
parent: db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff)
download: rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz
rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2
rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb
index 0dcf1fc4fe..5aad8dd23a 100644
--- a/actionpack/lib/action_dispatch/railtie.rb
+++ b/actionpack/lib/action_dispatch/railtie.rb
@@ -21,7 +21,8 @@ module ActionDispatch
 
     config.action_dispatch.default_headers = {
       'X-Frame-Options' => 'SAMEORIGIN',
-      'X-XSS-Protection' => '1; mode=block'
+      'X-XSS-Protection' => '1; mode=block',
+      'X-Content-Type-Options' => 'nosniff'
     }
 
     initializer "action_dispatch.configure" do |app|
author	Jim Jones <jjones@aantix.com>	2012-08-18 15:29:58 -0700
committer	Jim Jones <jjones@aantix.com>	2012-08-18 15:29:58 -0700
commit	4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch)
tree	c287546075524fa619e965de5ca315fd654ebf7e /actionpack/lib/action_dispatch
parent	db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff)
download	rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2 rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip