Disable config.x_frame_options
parent
334f8edf18
commit
bb3d7fa81e
|
@ -49,15 +49,14 @@ module FarmBot
|
|||
SecureHeaders::Configuration.default do |config|
|
||||
config.hsts = "max-age=#{1.week.to_i}"
|
||||
# We need this off in dev mode otherwise email previews won't show up.
|
||||
config.x_frame_options = "DENY" if Rails.env.production?
|
||||
puts "Don't forget to uncomment this!!!"
|
||||
# config.x_frame_options = "DENY" if Rails.env.production?
|
||||
config.x_content_type_options = "nosniff"
|
||||
config.x_xss_protection = "1; mode=block"
|
||||
config.x_download_options = "noopen"
|
||||
config.x_permitted_cross_domain_policies = "none"
|
||||
config.referrer_policy = %w(
|
||||
origin-when-cross-origin
|
||||
strict-origin-when-cross-origin
|
||||
)
|
||||
config.referrer_policy =
|
||||
%w(origin-when-cross-origin strict-origin-when-cross-origin)
|
||||
connect_src = ALL_LOCAL_URIS + [
|
||||
ENV["MQTT_HOST"],
|
||||
"api.github.com",
|
||||
|
|
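Review bot: Commenting out `config.x_frame_options = "DENY" if Rails.env.production?` removes the explicit anti-framing header in production, and the only reminder to restore it is a `puts` that runs on every boot in every environment and is easy to miss in log output. If the relaxation is deliberate and temporary, set the weaker value explicitly rather than relying on whatever the secure_headers default is for the installed version, e.g. `config.x_frame_options = "SAMEORIGIN" if Rails.env.production? # TODO(<issue-id>): restore "DENY"`, and drop the `puts`. The retained comment says the header only needs to be off in dev mode, which the old `if Rails.env.production?` guard already covered, so the commit should state why production has to change. The CSP setup that begins at `connect_src` continues outside this hunk; if it does not set `frame_ancestors`, nothing else visible here limits framing of the app.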