Module: Tynn::SecureHeaders
- Defined in:
- lib/tynn/secure_headers.rb
Overview
Public: Adds security-related HTTP headers to every response.
Examples
require "tynn"
require "tynn/secure_headers"
Tynn.plugin(Tynn::SecureHeaders)
This plugin applies the following headers:
X-Content-Type-Options: "nosniff"
Stops IE and Chrome from MIME-sniffing a response into a content type other than the one declared in Content-Type.
X-Frame-Options: "SAMEORIGIN"
Provides clickjacking protection: the page may only be framed by pages from the same origin.
X-Permitted-Cross-Domain-Policies: "none"
Tells Adobe Flash Player and Adobe Reader that this site publishes no cross-domain policy file, so those plugins cannot be used to read its data from another origin.
X-XSS-Protection: "1; mode=block"
Enables the reflected-XSS filter built into older IE, Chrome and Safari releases; mode=block stops the page from rendering instead of trying to rewrite it. The filter is usually on by default, so the header mainly re-enables it if a user turned it off. Note that it is a legacy setting: Chrome removed its XSS Auditor in version 78 and Firefox never implemented one, so current browsers ignore this header and it offers no protection on its own.
Class Method Summary collapse
- .setup(app) ⇒ Object
Internal: Sets the default HTTP secure headers.
Class Method Details
.setup(app) ⇒ Object
Internal: Sets the default HTTP secure headers.
# File 'lib/tynn/secure_headers.rb', line 35
def self.setup(app)
  # Hash#update replaces any existing value for these four keys and leaves
  # the app's other default headers untouched.
  app.settings[:default_headers].update(
    "X-Content-Type-Options" => "nosniff",
    "X-Frame-Options" => "SAMEORIGIN",
    "X-Permitted-Cross-Domain-Policies" => "none",
    "X-XSS-Protection" => "1; mode=block"
  )
end