gem.sh

lib/rack/protection/frame_options.rb

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Clickjacking
    # Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
    #                      Safari 4.0, Chrome 4.1.249.1042 and later
    # More infos::         https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
    #
    # Sets X-Frame-Options header to tell the browser avoid embedding the page
    # in a frame.
    #
    # Options:
    #
    # frame_options:: Defines who should be allowed to embed the page in a
    #                 frame. Use :deny to forbid any embedding, :sameorigin
    #                 to allow embedding from the same origin (default).
    class FrameOptions < XSSHeader
      default_options :frame_options => :sameorigin
      def header
        { 'X-Frame-Options' => options[:frame_options].to_s }
      end
    end
  end
end

Source Files

lib/rack-protection.rb
lib/rack/protection.rb
lib/rack/protection/authenticity_token.rb
lib/rack/protection/base.rb
lib/rack/protection/escaped_params.rb
lib/rack/protection/form_token.rb
lib/rack/protection/frame_options.rb
lib/rack/protection/ip_spoofing.rb
lib/rack/protection/json_csrf.rb
lib/rack/protection/path_traversal.rb
lib/rack/protection/remote_referrer.rb
lib/rack/protection/remote_token.rb
lib/rack/protection/session_hijacking.rb
lib/rack/protection/version.rb
lib/rack/protection/xss_header.rb

Modules

Classes

lib/rack/protection/frame_options.rb

Source Files