summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb18
1 files changed, 18 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 62d9df2..9734a33 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,7 @@
class ApplicationController < ActionController::Base
protect_from_forgery
+ before_filter :no_cache_header
+ before_filter :no_frame_header
ActiveSupport.run_load_hooks(:application_controller, self)
@@ -15,4 +17,20 @@ class ApplicationController < ActionController::Base
end
helper_method :bold
+ #
+ # we want to prevent the browser from caching anything, just to be safe.
+ #
+ def no_cache_header
+ response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+ response.headers["Pragma"] = "no-cache"
+ response.headers["Expires"] = "0"
+ end
+
+ #
+ # prevent app from being embedded in an iframe, for browsers that support x-frame-options.
+ #
+ def no_frame_header
+ response.headers["X-Frame-Options"] = "DENY"
+ end
+
end