docs for FrameOptions

2011-05-24 11:18:44 +02:00 · 2011-05-24 11:18:44 +02:00 · 113c20a819
parent b046e5fe37
commit 113c20a819
2 changed files with 14 additions and 2 deletions
--- a/rack-protection/lib/rack/protection/frame_options.rb
+++ b/rack-protection/lib/rack/protection/frame_options.rb
@ -2,6 +2,18 @@ require 'rack/protection'

 module Rack
  module Protection
+    ##
+    # Sets X-Frame-Options header to tell the browser avoid embedding the page
+    # in a frame.
+    #
+    # Prevented attack::   Clickjacking
+    # Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
+    #                      Safari 4.0, Chrome 4.1.249.1042 and later
+    #
+    # Options:
+    # frame_options:: Defines who should be allowed to embed the page in a
+    #                 frame. Use :deny to forbid any embedding, :sameorigin
+    #                 to allow embedding from the same origin (default).
    class FrameOptions < XSSHeader
      default_options :frame_options => :sameorigin
      def header
--- a/rack-protection/lib/rack/protection/xss_header.rb
+++ b/rack-protection/lib/rack/protection/xss_header.rb
@ -6,10 +6,10 @@ module Rack
    # Sets X-XSS-Protection header to tell the browser to block attacks.
    #
    # Prevented attack::   Non-permanent XSS
-    # Supported browsers:: Internet Explorer >= 8
+    # Supported browsers:: Internet Explorer 8 and later
    #
    # Options:
-    # xss_mode:: How the browser should prevent the attack (default: `:block`)
+    # xss_mode:: How the browser should prevent the attack (default: :block)
    class XSSHeader < Base
      default_options :xss_mode => :block