diff options
author | Jim Jones <jjones@aantix.com> | 2012-08-18 15:29:58 -0700 |
---|---|---|
committer | Jim Jones <jjones@aantix.com> | 2012-08-18 15:29:58 -0700 |
commit | 4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch) | |
tree | c287546075524fa619e965de5ca315fd654ebf7e /guides/source | |
parent | db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff) | |
download | rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2 rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip |
Added X-Content-Type-Options to the header defaults.
With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/configuring.textile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile index 5ed3ad4a6b..c29b70ad5b 100644 --- a/guides/source/configuring.textile +++ b/guides/source/configuring.textile @@ -341,7 +341,7 @@ h4. Configuring Action Dispatch * +config.action_dispatch.default_headers+ is a hash with HTTP headers that are set by default in each response. By default, this is defined as: <ruby> -config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block' } +config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' } </ruby> * +config.action_dispatch.tld_length+ sets the TLD (top-level domain) length for the application. Defaults to +1+. |