diff options
| author | Alexey Markov <piton4eg@mail.ru> | 2015-08-21 10:19:38 +0300 |
|---|---|---|
| committer | Alexey Markov <piton4eg@mail.ru> | 2015-08-21 10:19:38 +0300 |
| commit | 0b18876e153d96f2bda0e1762a32c29235004398 (patch) | |
| tree | 6cff4bcbeca07d72ba6c315c9a10f5d9c4e2457d /guides/source/security.md | |
| parent | 81cec09aac1244eb6d59d2654712afd394bef755 (diff) | |
| download | rails-0b18876e153d96f2bda0e1762a32c29235004398.tar.gz rails-0b18876e153d96f2bda0e1762a32c29235004398.tar.bz2 rails-0b18876e153d96f2bda0e1762a32c29235004398.zip | |
Add bold to lists' titles [ci skip]
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 79ddbd50bd..850d111bd7 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -1014,12 +1014,12 @@ config.action_dispatch.default_headers.clear Here is a list of common headers: -* X-Frame-Options - _'SAMEORIGIN' in Rails by default_ - allow framing on same domain. Set it to 'DENY' to deny framing at all or 'ALLOWALL' if you want to allow framing for all website. -* X-XSS-Protection - _'1; mode=block' in Rails by default_ - use XSS Auditor and block page if XSS attack is detected. Set it to '0;' if you want to switch XSS Auditor off(useful if response contents scripts from request parameters) -* X-Content-Type-Options - _'nosniff' in Rails by default_ - stops the browser from guessing the MIME type of a file. -* X-Content-Security-Policy - [A powerful mechanism for controlling which sites certain content types can be loaded from](http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html) -* Access-Control-Allow-Origin - Used to control which sites are allowed to bypass same origin policies and send cross-origin requests. -* Strict-Transport-Security - [Used to control if the browser is allowed to only access a site over a secure connection](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) +* **X-Frame-Options:** _'SAMEORIGIN' in Rails by default_ - allow framing on same domain. Set it to 'DENY' to deny framing at all or 'ALLOWALL' if you want to allow framing for all website. +* **X-XSS-Protection:** _'1; mode=block' in Rails by default_ - use XSS Auditor and block page if XSS attack is detected. Set it to '0;' if you want to switch XSS Auditor off(useful if response contents scripts from request parameters) +* **X-Content-Type-Options:** _'nosniff' in Rails by default_ - stops the browser from guessing the MIME type of a file. +* **X-Content-Security-Policy:** [A powerful mechanism for controlling which sites certain content types can be loaded from](http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html) +* **Access-Control-Allow-Origin:** Used to control which sites are allowed to bypass same origin policies and send cross-origin requests. +* **Strict-Transport-Security:** [Used to control if the browser is allowed to only access a site over a secure connection](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) Environmental Security ---------------------- |