Class: Rack::Protection::FrameOptions
- Defined in:
- lib/rack/protection/frame_options.rb
Overview
- Prevented attack
-
Clickjacking
- Supported browsers
-
Internet Explorer 8, Firefox 3.6.9, Opera 10.50, Safari 4.0, Chrome 4.1.249.1042 and later
- More infos
-
developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
Sets X-Frame-Options header to tell the browser avoid embedding the page in a frame.
Options:
- frame_options
-
Defines who should be allowed to embed the page in a frame. Use :deny to forbid any embedding, :sameorigin to allow embedding from the same origin (default).
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
Methods inherited from XSSHeader
Methods inherited from Base
#accepts?, #call, #default_options, default_options, default_reaction, #deny, #drop_session, #encrypt, #initialize, #random_string, #react, #referrer, #safe?, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#header ⇒ Object
21 22 23 |
# File 'lib/rack/protection/frame_options.rb', line 21 def header { 'X-Frame-Options' => [:frame_options].to_s } end |