class Kemal::Shield::XFrameOptions

Kemal::Shield::XFrameOptions
Kemal::Shield::Handler
Kemal::Handler
Reference
Object

Overview

Kemal::Shield::XFrameOptions is a handler that sets the X-Frame-Options HTTP header. This header restricts who can put your site in a frame which can help mitigate things like clickjacking attacks.

This handler sets the X-Frame-Options header to "SAMEORIGIN" by default.

Kemal::Shield::XFrameOptions only supports "SAMEORIGIN" and "DENY".

The X-Frame-Options header can be updated by changing the value of:

Kemal::Shield.config.x_frame_options

This handler can be turned off by setting

Kemal::Shield.config.x_frame_options_on = false

Defined in:

kemal-shield/handlers/x_frame_options.cr

Constructors

.new(opt = "SAMEORIGIN")

Instance Method Summary

#call(context)

Constructor Detail

def self.new(opt = "SAMEORIGIN") #

[View source]

Instance Method Detail

def call(context) #