Browse files

Merge pull request #4 from eligolding/patch-1

Added warning for lack of browser support for the ALLOW-FROM option
  • Loading branch information...
EvanHahn committed Jun 5, 2015
2 parents 7c22594 + 7d497aa commit 831159cf635e62edb17831b7e31a71c8a775e7f9
Showing with 2 additions and 0 deletions.
  1. +2 −0
@@ -23,3 +23,5 @@ app.use(frameguard('allow-from', ''));
**Limitations:** This has pretty good (but not 100%) browser support: IE8+, Opera 10.50+, Safari 4+, Chrome 4.1+, and Firefox 3.6.9+. It only prevents against a certain class of attack, but does so pretty well. It also prevents your site from being framed, which you might want for legitimate reasons.
**Warning:** The `ALLOW-FROM` header option is [not supported in most browsers]( Those browsers will ignore the entire header, [and the frame *will* be displayed](

0 comments on commit 831159c

Please sign in to comment.