From 934369f529699e65b57565189ae2d3f6f733ff11 Mon Sep 17 00:00:00 2001 From: Guillermo Iguaran Date: Thu, 13 Jun 2013 14:56:02 -0500 Subject: [PATCH] Don't set X-UA-Compatible header by default We are setting this header to chrome=1 for Chrome Frame and this will be retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for details --- actionpack/lib/action_dispatch/railtie.rb | 3 +-- actionpack/test/dispatch/response_test.rb | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb index edf37bb9a5..2dfaab3587 100644 --- a/actionpack/lib/action_dispatch/railtie.rb +++ b/actionpack/lib/action_dispatch/railtie.rb @@ -20,8 +20,7 @@ module ActionDispatch config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', - 'X-Content-Type-Options' => 'nosniff', - 'X-UA-Compatible' => 'chrome=1' + 'X-Content-Type-Options' => 'nosniff' } config.eager_load_namespaces << ActionDispatch diff --git a/actionpack/test/dispatch/response_test.rb b/actionpack/test/dispatch/response_test.rb index 74f5253c11..2fbe7358f9 100644 --- a/actionpack/test/dispatch/response_test.rb +++ b/actionpack/test/dispatch/response_test.rb @@ -182,8 +182,7 @@ class ResponseTest < ActiveSupport::TestCase ActionDispatch::Response.default_headers = { 'X-Frame-Options' => 'DENY', 'X-Content-Type-Options' => 'nosniff', - 'X-XSS-Protection' => '1;', - 'X-UA-Compatible' => 'chrome=1' + 'X-XSS-Protection' => '1;' } resp = ActionDispatch::Response.new.tap { |response| response.body = 'Hello' @@ -193,7 +192,6 @@ class ResponseTest < ActiveSupport::TestCase assert_equal('DENY', resp.headers['X-Frame-Options']) assert_equal('nosniff', resp.headers['X-Content-Type-Options']) assert_equal('1;', resp.headers['X-XSS-Protection']) - assert_equal('chrome=1', resp.headers['X-UA-Compatible']) ensure ActionDispatch::Response.default_headers = nil end