Fix missing default headers

8 years ago · a59d10d3df
parent 9467b900a2
commit a59d10d3df
1 changed files with 3 additions and 1 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -38,7 +38,9 @@ module Mastodon
    end

    config.action_dispatch.default_headers = {
-      'X-Frame-Options' => 'DENY'
+      'X-Frame-Options' => 'DENY',
+      'X-Content-Type-Options' => 'nosniff',
+      'X-XSS-Protection' => '1; mode=block'
    }
  end
 end