Commit af26adcf
Authored Aug 18, 2012 by Rafael Mendonça França
Merge pull request #7390 from aantix/add_x_content_type_options_to_default_headers
Added X-Content-Type-Options to the header defaults.
Parents: db78e582, 4848bf32
Showing 4 changed files with 9 additions and 5 deletions (+9 -5)
actionpack/CHANGELOG.md (+3 -2)
actionpack/lib/action_dispatch/railtie.rb (+2 -1)
actionpack/test/dispatch/response_test.rb (+3 -1)
guides/source/configuring.textile (+1 -1)
actionpack/CHANGELOG.md
...
...
@@ -51,8 +51,9 @@
*Richard Schneeman*
*
Add 'X-Frame-Options' => 'SAMEORIGIN' and
'X-XSS-Protection' => '1; mode=block'
*
Add 'X-Frame-Options' => 'SAMEORIGIN'
'X-XSS-Protection' => '1; mode=block' and
'X-Content-Type-Options' => 'nosniff'
as default headers.
*Egor Homakov*
...
...
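Review bot: in the rewritten CHANGELOG entry the first item, `Add 'X-Frame-Options' => 'SAMEORIGIN'`, has no comma before `'X-XSS-Protection' => '1; mode=block' and`, so the three-header list reads as a run-on; add the comma after `'SAMEORIGIN'`. The entry also keeps only the *Egor Homakov* credit although the `nosniff` default arrives through pull request #7390, so consider crediting that contributor or giving the new header its own entry.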
actionpack/lib/action_dispatch/railtie.rb
...
...
@@ -21,7 +21,8 @@ class Railtie < Rails::Railtie
config
.
action_dispatch
.
default_headers
=
{
'X-Frame-Options'
=>
'SAMEORIGIN'
,
'X-XSS-Protection'
=>
'1; mode=block'
'X-XSS-Protection'
=>
'1; mode=block'
,
'X-Content-Type-Options'
=>
'nosniff'
}
initializer
"action_dispatch.configure"
do
|
app
|
...
...
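Review bot: the new `'X-Content-Type-Options' => 'nosniff'` default in `config.action_dispatch.default_headers` changes browser behaviour for every response and carries no comment or upgrade note. With `nosniff`, browsers refuse to use a response as a script or stylesheet when its Content-Type does not match, so applications that serve assets or uploads with a wrong or missing Content-Type will see them blocked after upgrading. A short comment above the hash stating what each header defends against, plus a line in the upgrade notes saying the hash can be overridden per application, would make that visible.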
actionpack/test/dispatch/response_test.rb
...
...
@@ -177,9 +177,10 @@ def test_response_body_encoding
end
end
test
"read x_frame_options and x_xss_protection"
do
test
"read x_frame_options
, x_content_type_options
and x_xss_protection"
do
ActionDispatch
::
Response
.
default_headers
=
{
'X-Frame-Options'
=>
'DENY'
,
'X-Content-Type-Options'
=>
'nosniff'
,
'X-XSS-Protection'
=>
'1;'
}
resp
=
ActionDispatch
::
Response
.
new
.
tap
{
|
response
|
...
...
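Review bot: the test assigns `ActionDispatch::Response.default_headers` at class level and the visible lines never restore it, so the `'DENY'`, `'nosniff'` and `'1;'` values can leak into tests that run later in the same process. Wrap the body in `begin`/`ensure` and reset the attribute in the `ensure` branch, or save the previous value and restore it.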
@@ -188,6 +189,7 @@ def test_response_body_encoding
resp
.
to_a
assert_equal
(
'DENY'
,
resp
.
headers
[
'X-Frame-Options'
])
assert_equal
(
'nosniff'
,
resp
.
headers
[
'X-Content-Type-Options'
])
assert_equal
(
'1;'
,
resp
.
headers
[
'X-XSS-Protection'
])
end
...
...
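Review bot: the added `assert_equal('nosniff', resp.headers['X-Content-Type-Options'])` only checks a value this test assigned itself a few lines earlier, so it would still pass if the railtie default lost the new key. An additional test that boots an application and asserts on its default response headers would cover the behaviour this commit actually changes.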
guides/source/configuring.textile
...
...
@@ -341,7 +341,7 @@ h4. Configuring Action Dispatch
* +config.action_dispatch.default_headers+ is a hash with HTTP headers that are set by default in each response. By default, this is defined as:
<ruby>
config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block' }
config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block'
, 'X-Content-Type-Options' => 'nosniff'
}
</ruby>
* +config.action_dispatch.tld_length+ sets the TLD (top-level domain) length for the application. Defaults to +1+.
...
...
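Review bot: the guide entry now lists `'X-Content-Type-Options' => 'nosniff'` but still does not say what any of the three headers does or how to drop one. One sentence after the `<ruby>` block explaining that `nosniff` stops browsers from MIME-sniffing a response away from its declared Content-Type, and that the hash can be reassigned in application configuration to change or remove a header, would save readers a search.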