cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drop X-Download-Options from default headers

Browse source
This commit is contained in:
Tom Hughes 2023-10-27 17:26:25 +01:00
parent 7ba8ac2b61
commit 3588e955c5
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
config/initializers/new_framework_defaults_7_1.rb
View file

@ -17,13 +17,13 @@ Rails.application.config.add_autoload_paths_to_load_path = false
# Remove the default X-Download-Options headers since it is used only by Internet Explorer. # Remove the default X-Download-Options headers since it is used only by Internet Explorer.
# If you need to support Internet Explorer, add back `"X-Download-Options" => "noopen"`. # If you need to support Internet Explorer, add back `"X-Download-Options" => "noopen"`.
# Rails.application.config.action_dispatch.default_headers = { Rails.application.config.action_dispatch.default_headers = {
# "X-Frame-Options" => "SAMEORIGIN", "X-Frame-Options" => "SAMEORIGIN",
# "X-XSS-Protection" => "0", "X-XSS-Protection" => "0",
# "X-Content-Type-Options" => "nosniff", "X-Content-Type-Options" => "nosniff",
# "X-Permitted-Cross-Domain-Policies" => "none", "X-Permitted-Cross-Domain-Policies" => "none",
# "Referrer-Policy" => "strict-origin-when-cross-origin" "Referrer-Policy" => "strict-origin-when-cross-origin"
# } }
# Do not treat an `ActionController::Parameters` instance # Do not treat an `ActionController::Parameters` instance
# as equal to an equivalent `Hash` by default. # as equal to an equivalent `Hash` by default.