Permalink
Browse files

add x-frame headers

  • Loading branch information...
1 parent 9723c4a commit 9678a1d4b2133141eb1f70e497a6329aff0ad531 @davecocoa davecocoa committed Nov 18, 2012
Showing with 6 additions and 0 deletions.
  1. +4 −0 Gemfile
  2. +2 −0 config.ru
View
@@ -12,6 +12,10 @@ gem 'rails_autolink', '1.0.9'
gem 'rack-cors', '0.2.7', :require => 'rack/cors'
+# click-jacking protection
+
+gem 'rack-protection', '1.2'
+
# authentication
gem 'devise', '2.1.2'
View
@@ -14,4 +14,6 @@ if defined?(Unicorn)
end
use Rack::Deflater
use Rack::ChromeFrame, :minimum => 8
+use Rack::Protection::FrameOptions
+
run Diaspora::Application

0 comments on commit 9678a1d

Please sign in to comment.