Comparison

plugins/mod_http_file_share.lua @ 11611:a6d1131ac833

mod_http_file_share: Update comment about x-frame-options X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
author Kim Alvefur <zash@zash.se>
date Sun, 20 Jun 2021 16:30:24 +0200
parent 11594:19aac4247b03
child 11781:9c23e7c8a67a
comparison
equal deleted inserted replaced
11610:d221d764741a 11611:a6d1131ac833
402 402
403 response.headers.cache_control = "max-age=31556952, immutable"; 403 response.headers.cache_control = "max-age=31556952, immutable";
404 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" 404 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';"
405 response.headers.strict_transport_security = "max-age=31556952"; 405 response.headers.strict_transport_security = "max-age=31556952";
406 response.headers.x_content_type_options = "nosniff"; 406 response.headers.x_content_type_options = "nosniff";
407 response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP? 407 response.headers.x_frame_options = "DENY"; -- COMPAT IE missing support for CSP frame-ancestors
408 response.headers.x_xss_protection = "1; mode=block"; 408 response.headers.x_xss_protection = "1; mode=block";
409 409
410 return response:send_file(handle); 410 return response:send_file(handle);
411 end 411 end
412 412