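How do I set application-wide response headers in Rails 3.2?
The Rails 4.0 guide on security mentions:
8 Default Headers
Every HTTP response from your Rails application receives the following default security headers.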
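You can configure the default headers in config.action_dispatch.default_headers.
config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff' }
But I can't find anything about application-wide configuration of headers in the Rails 3.2 security guide, nor anything relevant in the Rails 3.2 configuring guide. The answers in "How do you add a custom http header?" seem to either address Rails versions newer than 3.2 or modify the response in a controller rather than application-wide.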
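One way to get the same application-wide defaults where config.action_dispatch.default_headers is not available is a small Rack middleware. This is an added example, not part of the original question: the class name DefaultSecurityHeaders and the stand-in application are assumptions made for illustration.

```ruby
# Added example: Rack middleware that applies default security headers to
# every response. DefaultSecurityHeaders is a hypothetical name.
class DefaultSecurityHeaders
  # Same values as the Rails 4.0 defaults quoted in the question.
  DEFAULTS = {
    'X-Frame-Options'        => 'SAMEORIGIN',
    'X-XSS-Protection'       => '1; mode=block',
    'X-Content-Type-Options' => 'nosniff'
  }.freeze

  def initialize(app, headers = DEFAULTS)
    @app = app
    @headers = headers
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Header names are case-insensitive, so compare downcased names and
    # leave any value a controller set on purpose untouched.
    present = headers.keys.map { |k| k.to_s.downcase }
    @headers.each do |name, value|
      headers[name] = value unless present.include?(name.downcase)
    end
    [status, headers, body]
  end
end

# In a Rails app this would be registered once in config/application.rb,
# after requiring the file that defines the class:
#   config.middleware.use DefaultSecurityHeaders

# Constructed stand-in for the application so the block runs without Rails:
# one response sets no security headers, the other overrides X-Frame-Options.
def demo_headers(path)
  app = lambda do |env|
    extra = env['PATH_INFO'] == '/embed' ? { 'x-frame-options' => 'DENY' } : {}
    [200, { 'Content-Type' => 'text/html' }.merge(extra), ['ok']]
  end
  _status, headers, _body = DefaultSecurityHeaders.new(app).call('PATH_INFO' => path)
  headers
end

p demo_headers('/')
p demo_headers('/embed')
```

Because the middleware only fills in headers that are missing, a controller that deliberately sets a stricter or different value for one response keeps it.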