From 4848bf321b34cc06990bf6e3e10cbadaf992bc37 Mon Sep 17 00:00:00 2001
From: Jim Jones <jjones@aantix.com>
Date: Sat, 18 Aug 2012 15:29:58 -0700
Subject: Added X-Content-Type-Options to the header defaults.

With a value of "nosniff", this prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
---
 guides/source/configuring.textile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'guides')

diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile
index 5ed3ad4a6b..c29b70ad5b 100644
--- a/guides/source/configuring.textile
+++ b/guides/source/configuring.textile
@@ -341,7 +341,7 @@ h4. Configuring Action Dispatch
 * +config.action_dispatch.default_headers+ is a hash with HTTP headers that are set by default in each response. By default, this is defined as:
 
 <ruby>
-config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block' }
+config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' }
 </ruby>
 
 * +config.action_dispatch.tld_length+ sets the TLD (top-level domain) length for the application. Defaults to +1+.
-- 
cgit v1.2.3