docs for FrameOptions
parent
b046e5fe37
commit
113c20a819
|
@ -2,6 +2,18 @@ require 'rack/protection'
|
|||
|
||||
module Rack
|
||||
module Protection
|
||||
##
|
||||
# Sets X-Frame-Options header to tell the browser avoid embedding the page
|
||||
# in a frame.
|
||||
#
|
||||
# Prevented attack:: Clickjacking
|
||||
# Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
|
||||
# Safari 4.0, Chrome 4.1.249.1042 and later
|
||||
#
|
||||
# Options:
|
||||
# frame_options:: Defines who should be allowed to embed the page in a
|
||||
# frame. Use :deny to forbid any embedding, :sameorigin
|
||||
# to allow embedding from the same origin (default).
|
||||
class FrameOptions < XSSHeader
|
||||
default_options :frame_options => :sameorigin
|
||||
def header
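Review bot: The `frame_options` entry in the new comment documents only `:deny` and `:sameorigin` and does not say what happens when a caller passes any other value. That matters because a header value the browser does not recognise may be ignored, leaving the page without the clickjacking protection this class is meant to provide. The body of `header` lies outside the hunk, so whether other values are validated or passed through cannot be seen here; if they are passed through, a line such as `# Any other value is sent to the browser unchanged.` would make that explicit. The opening sentence is also missing a word and should read `# Sets X-Frame-Options header to tell the browser to avoid embedding the page`.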
|
||||
|
|
|
@ -6,10 +6,10 @@ module Rack
|
|||
# Sets X-XSS-Protection header to tell the browser to block attacks.
|
||||
#
|
||||
# Prevented attack:: Non-permanent XSS
|
||||
# Supported browsers:: Internet Explorer >= 8
|
||||
# Supported browsers:: Internet Explorer 8 and later
|
||||
#
|
||||
# Options:
|
||||
# xss_mode:: How the browser should prevent the attack (default: `:block`)
|
||||
# xss_mode:: How the browser should prevent the attack (default: :block)
|
||||
class XSSHeader < Base
|
||||
default_options :xss_mode => :block
|
||||
|
||||
|
|