Added X-Content-Type-Options to the header defaults.

With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
author: Jim Jones <jjones@aantix.com> 2012-08-18 15:29:58 -0700
committer: Jim Jones <jjones@aantix.com> 2012-08-18 15:29:58 -0700
commit: 4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch)
tree: c287546075524fa619e965de5ca315fd654ebf7e /guides
parent: db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff)
download: rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz
rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2
rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile
index 5ed3ad4a6b..c29b70ad5b 100644
--- a/guides/source/configuring.textile
+++ b/guides/source/configuring.textile
@@ -341,7 +341,7 @@ h4. Configuring Action Dispatch
 * +config.action_dispatch.default_headers+ is a hash with HTTP headers that are set by default in each response. By default, this is defined as:
 
 <ruby>
-config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block' }
+config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' }
 </ruby>
 
 * +config.action_dispatch.tld_length+ sets the TLD (top-level domain) length for the application. Defaults to +1+.
author	Jim Jones <jjones@aantix.com>	2012-08-18 15:29:58 -0700
committer	Jim Jones <jjones@aantix.com>	2012-08-18 15:29:58 -0700
commit	4848bf321b34cc06990bf6e3e10cbadaf992bc37 (patch)
tree	c287546075524fa619e965de5ca315fd654ebf7e /guides
parent	db78e58294c5e4ee6fb960c79f882c80b22afbcf (diff)
download	rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.gz rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.tar.bz2 rails-4848bf321b34cc06990bf6e3e10cbadaf992bc37.zip