Default Security Headers

24 views
Skip to first unread message

iain

unread,
Aug 22, 2011, 7:25:22 AM8/22/11
to Ruby on Rails: Core
I was reading an article on Google+ I found through Hackernews:
http://www.barracudalabs.com/wordpress/index.php/2011/07/21/google-gets-a-1-for-browser-security-3/

I was wondering if these headers should be turned on by default in
Rails?

As far as I know, some of them can be sent by default, while others
can only be sent when force_ssl is on.

Aaron Patterson

unread,
Aug 22, 2011, 2:32:23 PM8/22/11
to rubyonra...@googlegroups.com
On Mon, Aug 22, 2011 at 04:25:22AM -0700, iain wrote:
> I was reading an article on Google+ I found through Hackernews:
> http://www.barracudalabs.com/wordpress/index.php/2011/07/21/google-gets-a-1-for-browser-security-3/
>
> I was wondering if these headers should be turned on by default in
> Rails?

I think adding the X Headers by default would be fine. I don't think we
should muck with the cookie one though.

--
Aaron Patterson
http://tenderlovemaking.com/

Reply all
Reply to author
Forward
0 new messages