LoginSignup
19
16

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@yaotti(海野 弘成)

レスポンスヘッダーに X-Content-Type-Options: nosniff を追加する

Posted at

railsのedgeではデフォルトで入る(config.action_dispatch.default_headersに入れられる)が安定版(3.2.8)にはまだ入っていないので,暫定対応. https://github.com/rails/rails/pull/7390

configでデフォルトヘッダーを設定する方法がないためApplicationControllerのfilterでやるしかない?汚い…

application_controller.rb
class ApplicationController < ActionController::Base
  after_filter :set_default_headers
  private
  DEFAULT_HEADERS = {
      'X-Frame-Options' => 'SAMEORIGIN',
      'X-XSS-Protection' => '1; mode=block',
      'X-Content-Type-Options' => 'nosniff'
  }.freeze

  def set_default_headers
    DEFAULT_HEADERS.each_pair do |key, val|
      response.headers[key] = val
    end
  end
end
19
16
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
19
16

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?