Use whitelist for config.x_frame_options
parent
96ecddf32e
commit
73cd2124f2
@ -49,8 +49,7 @@ module FarmBot
SecureHeaders::Configuration.default do |config|
config.hsts = "max-age=#{1.week.to_i}"
# We need this off in dev mode otherwise email previews won't show up.
puts "Don't forget to uncomment this!!!"
config.x_frame_options = "ALLOWALL" # if Rails.env.production?
config.x_frame_options = "ALLOW-FROM https://farm.bot" # For marketing demos
config.x_content_type_options = "nosniff"
config.x_xss_protection = "1; mode=block"
config.x_download_options = "noopen"
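Review bot: The new `ALLOW-FROM https://farm.bot` value on the x_frame_options line only restricts framing in browsers that implement ALLOW-FROM; Chromium-based browsers and Safari never did, and they treat an unrecognized X-Frame-Options value as invalid and drop the header, so those users get no clickjacking protection at all. The standardized replacement is the CSP `frame-ancestors` directive, which secure_headers exposes as `config.csp = { frame_ancestors: %w[https://farm.bot] }` — merge it into whatever csp block this file may already define outside the hunk rather than adding a second one. ALLOW-FROM also accepts exactly one origin, so the "whitelist" in the commit title is a single entry, and a comment such as `# ALLOW-FROM is Firefox-only; frame-ancestors is the control browsers actually enforce` would spare the next reader the same surprise. The marker column is lost on this page, so I cannot tell whether the `puts "Don't forget to uncomment this!!!"` line and the dev-mode comment above it survive; if they do, they are leftovers of the removed ALLOWALL line and should go with it. The SecureHeaders configuration block continues outside the hunk.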