From 656ef8fd548dfa673a26a12d8d0376c254a426a1 Mon Sep 17 00:00:00 2001 From: Rodrigo Pavano Date: Thu, 27 Jun 2019 12:28:04 -0300 Subject: Update docs with warning on AS Content-Disposition override [ci skip] --- guides/source/active_storage_overview.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'guides/source/active_storage_overview.md') diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 932a5dc2e9..46263e552a 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -398,6 +398,10 @@ helper allows you to set the disposition. rails_blob_path(user.avatar, disposition: "attachment") ``` +WARNING: To prevent XSS attacks, ActiveStorage forces the Content-Disposition header +to "attachment" for some kind of files. To change this behaviour see the +available configuration opions in [Configuring Rails Applications](configuring.html#configuring-active-storage). + If you need to create a link from outside of controller/view context (Background jobs, Cronjobs, etc.), you can access the rails_blob_path like this: -- cgit v1.2.3
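Review bot: The added WARNING paragraph has a typo ("opions" should be "options") and a grammatical slip ("for some kind of files" should read "for some kinds of files" or, better, name the affected content types or the configuration keys that control the list, since "some kind of files" tells the reader nothing about what is forced to "attachment" and why). Consider also "behavior" rather than "behaviour" to match the spelling used elsewhere in the Rails guides, and make the XSS rationale explicit in one clause, for example: "files such as HTML or SVG that a browser would render inline are served as attachments so that user-uploaded content cannot execute in the application's origin", so that developers who relax the setting understand the risk they are accepting.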