rack-xframe-options

= rack-xframe-options

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

= Resources

• https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
• http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx

= Installation

gem "rack-xframe-options"

= Usage use Rack::XFrameOptions ("SAMEORIGIN" is default)

or

use Rack::XFrameOptions, "DENY"

== Note on Patches/Pull Requests

• Fork the project.
• Make your feature addition or bug fix.
• Add tests for it. This is important so I don't break it in a future version unintentionally.
• Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
• Send me a pull request. Bonus points for topic branches.

== Copyright

Copyright (c) 2010 Tomasz Mazur. See LICENSE for details.