在Rails 3.2中在应用程序范围内设置HTTP响应头

时间:2017-08-15 08:46:14

标签: ruby-on-rails http-headers ruby-on-rails-3.2 response-headers

如何在Rails 3.2中设置应用程序范围内的响应标头?

Rails指导4.0提及[{1}}的安全性:

  

8个默认标题

     

来自Rails应用程序的每个HTTP响应都会收到以下内容   默认安全标头。

FATAL EXCEPTION: main
Process: com.yai.xdbg, PID: 32202
java.lang.RuntimeException: Failure delivering result ResultInfo{who=null, request=777, result=-1, data=Intent { (has extras) }} to activity {com.yai.xdbg/com.yai.xdbg.LoginActivity}: java.lang.NullPointerException: println needs a message
  at android.app.ActivityThread.deliverResults(ActivityThread.java:3646)
  at android.app.ActivityThread.handleSendResult(ActivityThread.java:3689)
  at android.app.ActivityThread.access$1300(ActivityThread.java:151)
  at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1362)
  at android.os.Handler.dispatchMessage(Handler.java:102)
  at android.os.Looper.loop(Looper.java:135)
  at android.app.ActivityThread.main(ActivityThread.java:5345)
  at java.lang.reflect.Method.invoke(Native Method)
  at java.lang.reflect.Method.invoke(Method.java:372)
  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:947)
  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:742)
Caused by: java.lang.NullPointerException: println needs a message
  at android.util.Log.println_native(Native Method)
  at android.util.Log.e(Log.java:232)
  at com.yai.xdbg.LoginActivity.onActivityResult(LoginActivity.java:162)
  at android.app.Activity.dispatchActivityResult(Activity.java:6226)
  at android.app.ActivityThread.deliverResults(ActivityThread.java:3642)
  at android.app.ActivityThread.handleSendResult(ActivityThread.java:3689) 
  at android.app.ActivityThread.access$1300(ActivityThread.java:151) 
  at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1362) 
  at android.os.Handler.dispatchMessage(Handler.java:102) 
  at android.os.Looper.loop(Looper.java:135) 
  at android.app.ActivityThread.main(ActivityThread.java:5345) 
  at java.lang.reflect.Method.invoke(Native Method) 
  at java.lang.reflect.Method.invoke(Method.java:372) 
  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:947) 
  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:742) 
     

您可以在config.action_dispatch.default_headers中配置默认​​标头。

config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'SAMEORIGIN',
  'X-XSS-Protection' => '1; mode=block',
  'X-Content-Type-Options' => 'nosniff'
}

但我在Rails 3.2的安全指南中找不到任何有关标头的应用程序范围配置的信息,或者在Rails 3.2的configuring指南中找不到任何相关内容。 How do you add a custom http header?中的答案似乎要么解决比3.2更新的Rails版本,要么在控制器而不是应用程序范围内修改响应。

0 个答案:

没有答案