How do I set response headers application-wide in Rails 3.2?
The Rails guide to security for 4.0 mentions config.action_dispatch.default_headers:
8 Default Headers

Every HTTP response from your Rails application receives the following default security headers.

    config.action_dispatch.default_headers = {
      'X-Frame-Options' => 'SAMEORIGIN',
      'X-XSS-Protection' => '1; mode=block',
      'X-Content-Type-Options' => 'nosniff'
    }

You can configure default headers in config/application.rb.

    config.action_dispatch.default_headers = {
      'Header-Name' => 'Header-Value',
      'X-Frame-Options' => 'DENY'
    }

but I couldn't find anything about application-wide configuration of headers in the security guide for Rails 3.2, or anything relevant in the configuring guide for Rails 3.2. The answers in How do you add a custom http header? seem to either be addressing versions of Rails more recent than 3.2, or modify responses in controllers rather than application wide.