class Rack::Protection::FrameOptions
- to allow embedding from the same origin (default).
frame. Use :deny to forbid any embedding, :sameorigin
frame_options - Defines who should be allowed to embed the page in a
Options:
in a frame.
Sets X-Frame-Options header to tell the browser avoid embedding the page
More infos - developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header<br>Safari 4.0, Chrome 4.1.249.1042 and later
Supported browsers - Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
Prevented attack -
Clickjacking
#
- Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
- developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header<br>Safari 4.0, Chrome 4.1.249.1042 and later
- Defines who should be allowed to embed the page in a
def header
def header @header ||= begin frame_options = options[:frame_options] frame_options = options[:frame_options].to_s.upcase unless frame_options.respond_to? :to_str { 'X-Frame-Options' => frame_options.to_str } end end