
Commit 399706f

Apply suggestions from code review
1 parent 869e8a6 commit 399706f


2 files changed

+7
-7
lines changed

README.md

Lines changed: 4 additions & 4 deletions
@@ -92,7 +92,7 @@ end
9292
```
9393

9494
### Deprecated Configuration Values
95-
* `block_all_mixed_content` - this value is deprecated in favor of `upgrade_insecure_requests`. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/content-security-policy/block-all-mixed-content for more information.
95+
* `block_all_mixed_content` - this value is deprecated in favor of `upgrade_insecure_requests`. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content for more information.
9696

9797
## Default values
9898
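
Review bot: The `block_all_mixed_content` entry at line 95 says the value is deprecated in favor of `upgrade_insecure_requests` but not what happens to a configuration that still sets it. While this line is being touched, add a sentence saying whether the value is still honoured, ignored, or rejected, so readers know whether they must migrate before upgrading. The bare MDN URL would also read better as a Markdown link.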

@@ -101,11 +101,11 @@ All headers except for PublicKeyPins and ClearSiteData have a default value. The
101101
```
102102
content-security-policy: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
103103
strict-transport-security: max-age=631138519
104-
X-Content-Type-Options: nosniff
104+
x-content-type-options: nosniff
105105
x-download-options: noopen
106-
X-Frame-Options: sameorigin
106+
x-frame-options: sameorigin
107107
x-permitted-cross-domain-policies: none
108-
X-Xss-Protection: 0
108+
x-xss-protection: 0
109109
```
110110

111111
## API configurations
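
Review bot: The default-value listing at lines 104-108 now spells every header name in lowercase, but the text around the block does not say that the lowercase spelling is intentional. HTTP header names are case-insensitive on the wire, yet a Ruby Hash lookup such as `headers["X-Frame-Options"]` is not, so application code or tests that read these headers by the old spelling could silently find nothing if the names really are lowercase now. Suggest one sentence above the block stating that names are lowercase and that lookups should use the lowercase form.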

lib/secure_headers/railtie.rb

Lines changed: 3 additions & 3 deletions
@@ -4,11 +4,11 @@
44
module SecureHeaders
55
class Railtie < Rails::Railtie
66
isolate_namespace SecureHeaders if defined? isolate_namespace # rails 3.0
7-
conflicting_headers = ["X-Frame-Options", "X-XSS-Protection",
7+
conflicting_headers = ["x-frame-options", "x-xss-protection",
88
"x-permitted-cross-domain-policies", "x-download-options",
9-
"X-Content-Type-Options", "strict-transport-security",
9+
"x-content-type-options", "strict-transport-security",
1010
"content-security-policy", "content-security-policy-report-only",
11-
"Public-Key-Pins", "Public-Key-Pins-Report-Only", "referrer-policy"]
11+
"public-key-pins", "public-key-pins-report-only", "referrer-policy"]
1212

1313
initializer "secure_headers.middleware" do
1414
Rails.application.config.middleware.insert_before 0, SecureHeaders::Middleware
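
Review bot: `conflicting_headers` (lines 7-11) is now all lowercase, and the code that consumes the list is outside this hunk, so it is not visible whether the match is case-insensitive. If it is an exact string comparison against the application's default headers, a default still keyed as `"X-Frame-Options"` would no longer match and could be sent alongside the value this gem sets. Suggest downcasing the key at the point of comparison, or adding a test with a mixed-case default header, rather than relying on the spelling of the list.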
