diff options
| -rw-r--r-- | actionpack/CHANGELOG.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index fd8b38054e..880263ce87 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,11 @@ ## Rails 4.0.0 (unreleased) ## +* Add 'X-Frame-Options' => 'SAMEORIGIN' and + 'X-XSS-Protection' => '1; mode=block' + as default headers. + + *Egor Homakov* + * Allow data attributes to be set as a first-level option for form_for, so you can write `form_for @record, data: { behavior: 'autosave' }` instead of `form_for @record, html: { data: { behavior: 'autosave' } }` *DHH* * Deprecate `button_to_function` and `link_to_function` helpers. |