authorEgor Homakov <homakov@gmail.com>2012-08-09 16:45:30 +0300
committerEgor Homakov <homakov@gmail.com>2012-08-09 16:45:30 +0300
commit2a290f7f7cdf775491eda05b3690be6d96cd9bf6 (patch)
tree929a9ad484ed85862a34f0840a1c68f0e184075a /railties
parent2da242f63c28fbf476b814b18e184154a12d0f87 (diff)
introduce default_headers config
Diffstat (limited to 'railties')
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/application.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb
index 1ee90e88f2..f20dd78031 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/application.rb
+++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -41,6 +41,11 @@ module <%= app_const_base %>
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
+ config.action_dispatch.default_headers = {
+ 'X-Frame-Options' => 'SAMEORIGIN',
+ 'X-XSS-Protection' => '1; mode=block'
+ }
+
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types.
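Review bot: The added `config.action_dispatch.default_headers` block is the only setting in this part of the template without an explanatory comment, so someone reading a generated application.rb gets no hint that these headers are attached to responses by default or what removing an entry gives up. I would put a comment above the assignment, for example `# Default headers sent with every response. X-Frame-Options restricts framing to the same origin (clickjacking defence).` Because the hash is assigned rather than merged, an app that later replaces it to add a header of its own silently drops both protections, and the comment should say so. The diffstat is limited to railties, so whether applications generated before this change get a framework-level default cannot be seen here and is worth confirming.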