Software /
code /
prosody
Comparison
plugins/mod_http_file_share.lua @ 11611:a6d1131ac833
mod_http_file_share: Update comment about x-frame-options
X-Frame-Options was replaced by the Content-Security-Policy
'frame-ancestors' directive, but Internet Explorer does not support that
part of CSP.
Since it's just one line it doesn't hurt to keep until some future
spring cleaning event :)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 20 Jun 2021 16:30:24 +0200 |
parent | 11594:19aac4247b03 |
child | 11781:9c23e7c8a67a |
comparison
equal
deleted
inserted
replaced
11610:d221d764741a | 11611:a6d1131ac833 |
---|---|
402 | 402 |
403 response.headers.cache_control = "max-age=31556952, immutable"; | 403 response.headers.cache_control = "max-age=31556952, immutable"; |
404 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" | 404 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" |
405 response.headers.strict_transport_security = "max-age=31556952"; | 405 response.headers.strict_transport_security = "max-age=31556952"; |
406 response.headers.x_content_type_options = "nosniff"; | 406 response.headers.x_content_type_options = "nosniff"; |
407 response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP? | 407 response.headers.x_frame_options = "DENY"; -- COMPAT IE missing support for CSP frame-ancestors |
408 response.headers.x_xss_protection = "1; mode=block"; | 408 response.headers.x_xss_protection = "1; mode=block"; |
409 | 409 |
410 return response:send_file(handle); | 410 return response:send_file(handle); |
411 end | 411 end |
412 | 412 |