Setting HTTP response headers application-wide in Rails 3.2 -


how set response headers application-wide in rails 3.2?

the rails guides security 4.0 mentions config.action_dispatch.default_headers:

8 default headers

every http response rails application receives following default security headers.

config.action_dispatch.default_headers = {   'x-frame-options' => 'sameorigin',   'x-xss-protection' => '1; mode=block',   'x-content-type-options' => 'nosniff' } 

you can configure default headers in config/application.rb.

config.action_dispatch.default_headers = {   'header-name' => 'header-value',   'x-frame-options' => 'deny' } 

but couldn't find application-wide configuration of headers in security guide rails 3.2, or relevant in configuring guide rails 3.2. answers in how add custom http header? seem either addressing versions of rails more recent 3.2, or modify responses in controllers rather application wide.


Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -