2

Rails 4 预填充了一些“最佳实践”HTTP 标头:

$ http -j "http://127.0.0.1:3000"
(...)
HTTP/1.1 204 No Content
(...)
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block

如何在 Rails 4 中更改这些标题?

4

1 回答 1

4

为了禁用(或更改)它,将以下行添加到您的config/application.rb

config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'DENY',
  'X-UA-Compatible' => 'IE=EmulateIE7'
}
于 2013-03-27T19:48:56.233 回答