diff options
author | elijah <elijah@riseup.net> | 2013-07-11 17:55:31 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2013-07-11 17:55:31 -0700 |
commit | 123babecf44ac0c075337d8d2108019c46b5c9a7 (patch) | |
tree | 36d47cd32f5af67e3a026bbd74c50d4c1da15aa5 /app | |
parent | e7ee261680e42e99d7a5ee2e91987bf92d99b3a4 (diff) |
add header to prevent iframes
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 65d4861..9734a33 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,7 @@ class ApplicationController < ActionController::Base protect_from_forgery before_filter :no_cache_header + before_filter :no_frame_header ActiveSupport.run_load_hooks(:application_controller, self) @@ -25,4 +26,11 @@ class ApplicationController < ActionController::Base response.headers["Expires"] = "0" end + # + # prevent app from being embedded in an iframe, for browsers that support x-frame-options. + # + def no_frame_header + response.headers["X-Frame-Options"] = "DENY" + end + end |