authoryuuji.yaginuma <yuuji.yaginuma@gmail.com>2018-01-28 16:00:33 +0900
committeryuuji.yaginuma <yuuji.yaginuma@gmail.com>2018-01-28 16:00:33 +0900
commita88eb9087260cca256c6faba40bf538d4a0289b3 (patch)
tree1538faceb74aaaa952bbf3b20fa305cb4778d281 /guides/source/security.md
parentc045637c94b702ab7ae4d624cc8f97087826c548 (diff)
Update `action_dispatch.default_headers` default value [ci skip]
This was changed with 5d7b70f and 428939b.
Diffstat (limited to 'guides/source/security.md')
-rw-r--r--guides/source/security.md5
1 files changed, 4 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index ab5a5a7a31..de0b523057 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1070,7 +1070,10 @@ Every HTTP response from your Rails application receives the following default s
config.action_dispatch.default_headers = {
'X-Frame-Options' => 'SAMEORIGIN',
'X-XSS-Protection' => '1; mode=block',
- 'X-Content-Type-Options' => 'nosniff'
+ 'X-Content-Type-Options' => 'nosniff',
+ 'X-Download-Options' => 'noopen',
+ 'X-Permitted-Cross-Domain-Policies' => 'none',
+ 'Referrer-Policy' => 'strict-origin-when-cross-origin'
}
```