Setting HTTP response headers application-wide in Rails 3.2 -
how set response headers application-wide in rails 3.2?
the rails guides security 4.0 mentions config.action_dispatch.default_headers
:
8 default headers
every http response rails application receives following default security headers.
config.action_dispatch.default_headers = { 'x-frame-options' => 'sameorigin', 'x-xss-protection' => '1; mode=block', 'x-content-type-options' => 'nosniff' }
you can configure default headers in
config/application.rb
.config.action_dispatch.default_headers = { 'header-name' => 'header-value', 'x-frame-options' => 'deny' }
but couldn't find application-wide configuration of headers in security guide rails 3.2, or relevant in configuring guide rails 3.2. answers in how add custom http header? seem either addressing versions of rails more recent 3.2, or modify responses in controllers rather application wide.
Comments
Post a Comment