Update `action_dispatch.default_headers` default value [ci skip]

This was changed with 5d7b70f and 428939b.
author: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2018-01-28 16:00:33 +0900
committer: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2018-01-28 16:00:33 +0900
commit: a88eb9087260cca256c6faba40bf538d4a0289b3 (patch)
tree: 1538faceb74aaaa952bbf3b20fa305cb4778d281 /guides/source/security.md
parent: c045637c94b702ab7ae4d624cc8f97087826c548 (diff)
download: rails-a88eb9087260cca256c6faba40bf538d4a0289b3.tar.gz
rails-a88eb9087260cca256c6faba40bf538d4a0289b3.tar.bz2
rails-a88eb9087260cca256c6faba40bf538d4a0289b3.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index ab5a5a7a31..de0b523057 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1070,7 +1070,10 @@ Every HTTP response from your Rails application receives the following default s
 config.action_dispatch.default_headers = {
   'X-Frame-Options' => 'SAMEORIGIN',
   'X-XSS-Protection' => '1; mode=block',
-  'X-Content-Type-Options' => 'nosniff'
+  'X-Content-Type-Options' => 'nosniff',
+  'X-Download-Options' => 'noopen',
+  'X-Permitted-Cross-Domain-Policies' => 'none',
+  'Referrer-Policy' => 'strict-origin-when-cross-origin'
 }
 ```
author	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2018-01-28 16:00:33 +0900
committer	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2018-01-28 16:00:33 +0900
commit	a88eb9087260cca256c6faba40bf538d4a0289b3 (patch)
tree	1538faceb74aaaa952bbf3b20fa305cb4778d281 /guides/source/security.md
parent	c045637c94b702ab7ae4d624cc8f97087826c548 (diff)
download	rails-a88eb9087260cca256c6faba40bf538d4a0289b3.tar.gz rails-a88eb9087260cca256c6faba40bf538d4a0289b3.tar.bz2 rails-a88eb9087260cca256c6faba40bf538d4a0289b3.zip