author | yuuji.yaginuma <yuuji.yaginuma@gmail.com> | 2018-01-28 16:00:33 +0900 |
---|---|---|
committer | yuuji.yaginuma <yuuji.yaginuma@gmail.com> | 2018-01-28 16:00:33 +0900 |
commit | a88eb9087260cca256c6faba40bf538d4a0289b3 (patch) | |
tree | 1538faceb74aaaa952bbf3b20fa305cb4778d281 /guides | |
parent | c045637c94b702ab7ae4d624cc8f97087826c548 (diff) | |
Update `action_dispatch.default_headers` default value [ci skip]
This was changed with 5d7b70f and 428939b.
Diffstat (limited to 'guides')
-rw-r--r-- | guides/source/configuring.md | 5 | ||||
-rw-r--r-- | guides/source/security.md | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 36c2fdb0b8..a0bf6046da 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -462,7 +462,10 @@ The schema dumper adds one additional configuration option: config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', - 'X-Content-Type-Options' => 'nosniff' + 'X-Content-Type-Options' => 'nosniff', + 'X-Download-Options' => 'noopen', + 'X-Permitted-Cross-Domain-Policies' => 'none', + 'Referrer-Policy' => 'strict-origin-when-cross-origin' } ``` diff --git a/guides/source/security.md b/guides/source/security.md index ab5a5a7a31..de0b523057 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -1070,7 +1070,10 @@ Every HTTP response from your Rails application receives the following default s config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', - 'X-Content-Type-Options' => 'nosniff' + 'X-Content-Type-Options' => 'nosniff', + 'X-Download-Options' => 'noopen', + 'X-Permitted-Cross-Domain-Policies' => 'none', + 'Referrer-Policy' => 'strict-origin-when-cross-origin' } ``` |
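Review bot: the hash in the guides/source/configuring.md hunk (@@ -462,7 +462,10) duplicates the one in guides/source/security.md line for line, and this patch has to apply the same three-line addition to both files. Consider keeping the full list of defaults in one guide and linking to it from the other, so the next change to `action_dispatch.default_headers` needs a single documentation edit and the two copies cannot drift apart.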
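Review bot: the three headers added in the guides/source/security.md hunk (@@ -1070,7 +1070,10) get no explanation; the diffstat shows 5 changed lines for this file and all of them are inside the code block. As this is the security guide, add a short description for each new entry next to the listing: 'X-Download-Options' => 'noopen' stops Internet Explorer from opening a download directly in the site's context, 'X-Permitted-Cross-Domain-Policies' => 'none' tells Flash and PDF clients not to load cross-domain policy files, and 'Referrer-Policy' => 'strict-origin-when-cross-origin' limits the Referer on cross-origin requests to the origin only.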