From 113c20a819fdcbbdcada19e6e6b6ebc49878092c Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Tue, 24 May 2011 11:18:44 +0200
Subject: [PATCH] docs for FrameOptions
---
 rack-protection/lib/rack/protection/frame_options.rb | 12 ++++++++++++
 rack-protection/lib/rack/protection/xss_header.rb | 4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/rack-protection/lib/rack/protection/frame_options.rb b/rack-protection/lib/rack/protection/frame_options.rb
index 265e12be..262430be 100644
--- a/rack-protection/lib/rack/protection/frame_options.rb
+++ b/rack-protection/lib/rack/protection/frame_options.rb
@@ -2,6 +2,18 @@ require 'rack/protection'
 module Rack
 module Protection
+ ##
+ # Sets X-Frame-Options header to tell the browser avoid embedding the page
+ # in a frame.
+ #
+ # Prevented attack:: Clickjacking
+ # Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
+ # Safari 4.0, Chrome 4.1.249.1042 and later
+ #
+ # Options:
+ # frame_options:: Defines who should be allowed to embed the page in a
+ # frame. Use :deny to forbid any embedding, :sameorigin
+ # to allow embedding from the same origin (default).
 class FrameOptions < XSSHeader
 default_options :frame_options => :sameorigin
 def header
diff --git a/rack-protection/lib/rack/protection/xss_header.rb b/rack-protection/lib/rack/protection/xss_header.rb
index 9cde35e1..2b262415 100644
--- a/rack-protection/lib/rack/protection/xss_header.rb
+++ b/rack-protection/lib/rack/protection/xss_header.rb
@@ -6,10 +6,10 @@ module Rack
 # Sets X-XSS-Protection header to tell the browser to block attacks.
 #
 # Prevented attack:: Non-permanent XSS
- # Supported browsers:: Internet Explorer >= 8
+ # Supported browsers:: Internet Explorer 8 and later
 #
 # Options:
- # xss_mode:: How the browser should prevent the attack (default: `:block`)
+ # xss_mode:: How the browser should prevent the attack (default: :block)
 class XSSHeader < Base
 default_options :xss_mode => :block
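Review bot: The opening sentence of the new FrameOptions doc comment in frame_options.rb is missing a word; `# Sets X-Frame-Options header to tell the browser avoid embedding the page` should read `# Sets X-Frame-Options header to tell the browser to avoid embedding the page`. The Options entry documents only :deny and :sameorigin, and the `header` method that consumes `frame_options` begins on the last line of the hunk with its body outside it, so a reader cannot tell whether any other value is rejected or passed straight into the response header; one sentence stating that would close the gap. Since the comment lists minimum browser versions, it would also help to add `# Browsers that do not support the header ignore it.` so the middleware is not read as a complete clickjacking defence on its own.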