class Marten::Middleware::XFrameOptions
- Marten::Middleware::XFrameOptions
- Marten::Middleware
- Reference
- Object
Overview
Sets the X-Frame-Options header in the response if it wasn't already set.
When this middleware is used, an X-Frame-Options header is inserted into the HTTP response. The default value for this header (configurable in the x_frame_options setting) is "DENY", which means that the response cannot be displayed in a frame. This helps prevent clickjacking attacks by ensuring that the web app cannot be embedded into other sites.
On the other hand, if the x_frame_options setting is set to "SAMEORIGIN", the page can be displayed in a frame if the site including it is the same as the one serving the page.
Defined in:
marten/middleware/x_frame_options.cr
Instance Method Summary
- #call(request : Marten::HTTP::Request, get_response : Proc(Marten::HTTP::Response)) : Marten::HTTP::Response
Calls the middleware for a given HTTP request and returns a HTTP response.
Instance methods inherited from class Marten::Middleware
- call(request : Marten::HTTP::Request, get_response : Proc(Marten::HTTP::Response)) : Marten::HTTP::Response
- next : Nil | Middleware
- next=(next __arg0 : Nil | Middleware)
Instance Method Detail
Calls the middleware for a given HTTP request and returns a HTTP response.
This method must be implemented by subclasses: it takes a request argument (the current HTTP request) and a get_response proc that returns the final response. This proc might actually call the next middleware in the chain of configured middlewares, or the final matched handler. That way, the current middleware has the ability to intercept any incoming request and the associated response, and to modify them if applicable.
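The behaviour described in the overview and in #call, modelled as an added, self-contained Crystal example (not Marten's source code). DemoResponse and DemoXFrameOptions are hypothetical stand-ins, the request argument is omitted, and the value check in the constructor is an addition of this example.

```crystal
require "http/headers"

# Hypothetical stand-in for Marten::HTTP::Response; only headers are modelled.
class DemoResponse
  getter headers : HTTP::Headers

  def initialize(@headers = HTTP::Headers.new)
  end
end

# Hypothetical model of the documented behaviour: run the rest of the chain
# first, then add X-Frame-Options only if the response does not carry it yet.
class DemoXFrameOptions
  # The two values the page describes.
  ALLOWED = {"DENY", "SAMEORIGIN"}

  def initialize(@value : String = "DENY")
    # Added check (assumption of this example): reject values the page does not describe.
    raise ArgumentError.new("unsupported value: #{@value}") unless ALLOWED.includes?(@value)
  end

  def call(get_response : Proc(DemoResponse)) : DemoResponse
    # get_response stands for the next middleware or the matched handler.
    response = get_response.call
    # HTTP::Headers matches names case-insensitively, so a handler that set
    # "x-frame-options" itself keeps its own value.
    unless response.headers.has_key?("X-Frame-Options")
      response.headers["X-Frame-Options"] = @value
    end
    response
  end
end

# Constructed handlers: one sets nothing, one opts into same-origin framing itself.
plain = ->{ DemoResponse.new }
embeddable = ->{ DemoResponse.new(HTTP::Headers{"x-frame-options" => "SAMEORIGIN"}) }

# Default setting, handler set nothing: the middleware inserts the default.
puts DemoXFrameOptions.new.call(plain).headers["X-Frame-Options"]
# Setting changed to SAMEORIGIN: the middleware inserts that value instead.
puts DemoXFrameOptions.new("SAMEORIGIN").call(plain).headers["X-Frame-Options"]
# Handler already set the header: the middleware leaves it untouched.
puts DemoXFrameOptions.new.call(embeddable).headers["X-Frame-Options"]
```

The third case is the one to review in an application: any handler that sets the header itself bypasses the site-wide default, so such handlers are where a weaker framing policy can slip in.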