Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Move AD default_headers configurations to railtie

ActionDispatch railtie is a better place for
config.action_dispatch.default_headers settings, users can continue
overriding those settings in their configuration files if needed.
  • Loading branch information...
commit c347236ce9feb8e92e0543e3c51a9bcccf319a9c 1 parent a63fc94
Guillermo Iguaran guilleiguaran authored
5 actionpack/lib/action_dispatch/railtie.rb
View
@@ -19,6 +19,11 @@ class Railtie < Rails::Railtie
:verbose => false
}
+ config.action_dispatch.default_headers = {
+ 'X-Frame-Options' => 'SAMEORIGIN',
+ 'X-XSS-Protection' => '1; mode=block'
+ }
+
initializer "action_dispatch.configure" do |app|
ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
5 railties/lib/rails/generators/rails/app/templates/config/application.rb
View
@@ -41,11 +41,6 @@ class Application < Rails::Application
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
- config.action_dispatch.default_headers = {
- 'X-Frame-Options' => 'SAMEORIGIN',
- 'X-XSS-Protection' => '1; mode=block'
- }
-
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types.
Please sign in to comment.
Something went wrong with that request. Please try again.