From 4848bf321b34cc06990bf6e3e10cbadaf992bc37 Mon Sep 17 00:00:00 2001 From: Jim Jones Date: Sat, 18 Aug 2012 15:29:58 -0700 Subject: Added X-Content-Type-Options to the header defaults. With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. --- guides/source/configuring.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile index 5ed3ad4a6b..c29b70ad5b 100644 --- a/guides/source/configuring.textile +++ b/guides/source/configuring.textile @@ -341,7 +341,7 @@ h4. Configuring Action Dispatch * +config.action_dispatch.default_headers+ is a hash with HTTP headers that are set by default in each response. By default, this is defined as: -config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block' } +config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' } * +config.action_dispatch.tld_length+ sets the TLD (top-level domain) length for the application. Defaults to +1+. -- cgit v1.2.3