pfischbeck/projekteuler
1
0
Fork 0
mirror of https://github.com/projekteuler/projekteuler.git synced 2026-01-27 02:28:50 +01:00
Code Issues Releases Wiki Activity

Merge pull request #93 from projekteuler/security-headers

Browse Source 
Improve default HTTP headers
This commit is contained in:
Philipp Fischbeck
2019-03-19 22:45:24 +01:00
committed by GitHub
parent bb6001ee27 d6f3a86908
commit 8e90966871
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
config/application.rb
View File

@@ -17,7 +17,12 @@ module Projekteuler
# the framework and any gems in your application.
config.action_dispatch.default_headers = {
'X-Frame-Options' => 'DENY'
'X-Frame-Options' => 'DENY',
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options' => 'nosniff',
'X-Download-Options' => 'noopen',
'X-Permitted-Cross-Domain-Policies' => 'none',
'Referrer-Policy' => 'strict-origin-when-cross-origin'
}
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.