github
/
secure_headers
зеркало из https://github.com/github/secure_headers.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

change all XSS protection values to integer, since string causes an exception

This commit is contained in:
William Makley 2013-03-27 12:55:21 -04:00
Родитель 214781102b
Коммит 21f4c3e209
1 изменённых файлов: 3 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
README.md
Просмотреть файл

@ -56,7 +56,7 @@ This gem makes a few assumptions about how you will use some features. For exam
config.hsts = {:max_age => 99, :include_subdomains => true}
config.x_frame_options = 'DENY'
config.x_content_type_options = "nosniff"
config.x_xss_protection = {:value => '1', :mode => false}
config.x_xss_protection = {:value => 1, :mode => false}
config.csp = {
:default_src => "https://* inline eval",
:report_uri => '//example.com/uri-directive',
@ -91,7 +91,7 @@ header will be constructed using the supplied options.
```ruby
:hsts => {:max_age => 631138519, :include_subdomain => true}
:x_frame_options => {:value => 'SAMEORIGIN'}
:x_xss_protection => {:value => '1', :mode => false} # set the :mode option to 'block' to enforce the browser's xss filter
:x_xss_protection => {:value => 1, :mode => false} # set the :mode option to 'block' to enforce the browser's xss filter
```
### Content Security Policy (CSP)
@ -235,7 +235,7 @@ require 'secure_headers'
config.hsts = {:max_age => 99, :include_subdomains => true}
config.x_frame_options = 'DENY'
config.x_content_type_options = "nosniff"
config.x_xss_protection = {:value => '1', :mode => false}
config.x_xss_protection = {:value => 1, :mode => false}
config.csp = {
:default_src => "https://* inline eval",
:report_uri => '//example.com/uri-directive',