consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the new default headers

Browse Source 
The only change between these headers and the ones sent by Rails 7.0
application is that the `"X-Download-Options" => "noopen"` is no longer
sent. Only Internet Explorer used that header, and uploading, previewing
and downloading attachments still works fine on Internet Explorer 11
after this change.

[1] Pull request 43968 in https://github.com/rails/rails
This commit is contained in:
Javi Martín
2024-04-15 00:52:42 +02:00
parent 77d113d640
commit 402b64291c
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
config/initializers/new_framework_defaults_7_1.rb
View File

@@ -13,13 +13,13 @@
# Remove the default X-Download-Options headers since it is used only by Internet Explorer. # Remove the default X-Download-Options headers since it is used only by Internet Explorer.
# If you need to support Internet Explorer, add back `"X-Download-Options" => "noopen"`. # If you need to support Internet Explorer, add back `"X-Download-Options" => "noopen"`.
#++ #++
# Rails.application.config.action_dispatch.default_headers = { Rails.application.config.action_dispatch.default_headers = {
# "X-Frame-Options" => "SAMEORIGIN", "X-Frame-Options" => "SAMEORIGIN",
# "X-XSS-Protection" => "0", "X-XSS-Protection" => "0",
# "X-Content-Type-Options" => "nosniff", "X-Content-Type-Options" => "nosniff",
# "X-Permitted-Cross-Domain-Policies" => "none", "X-Permitted-Cross-Domain-Policies" => "none",
# "Referrer-Policy" => "strict-origin-when-cross-origin" "Referrer-Policy" => "strict-origin-when-cross-origin"
# } }
### ###
# Do not treat an `ActionController::Parameters` instance # Do not treat an `ActionController::Parameters` instance