Configure Padrino to set CSP header #2204
Comments
I haven't looked too closely at this issue, but you could take a look at the secure_headers library and see if that helps with setting it. They have a guide to set it up with Sinatra (almost the same setup as with Padrino).
I have an application that uses Padrino, and in it we are having a problem because there is a page that needs to be opened in an iframe in another application. At first the page is blocked because x-frame-options is set to sameorigin.
As I researched more details, I found that the best solution would be to use Content Security Policy, which is supported by most browsers.
However, I cannot get Padrino to use it. I saw that Padrino uses Sinatra and Rack::Protection to set up the header, but I cannot get my application to put the Content-Security-Policy header on the response.
I was able to disable x-frame-options to avoid conflicts, but I cannot enable CSP.
Here are my
config\apps.rb
Response Header:
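An added example, not part of the issue thread and not Padrino's or Rack's own code: a framework-independent Rack middleware that sets a `frame-ancestors` policy so that only named origins may embed the page, and drops the conflicting `X-Frame-Options` header. The class name `FrameAncestors`, the `SAMPLE_APP` stand-in and the `portal.example.com` origin are assumptions made for illustration.

```ruby
# Added example; FrameAncestors is a hypothetical name, not a Padrino or Rack class.
class FrameAncestors
  # Accept only 'self' or a bare scheme://host[:port] origin, so a configured
  # value can never smuggle extra directives into the header.
  ORIGIN = %r{\A(?:'self'|https?://[A-Za-z0-9.\-]+(?::\d+)?)\z}

  def initialize(app, allow:)
    @app = app
    sources = Array(allow)
    bad = sources.reject { |s| s.to_s.match?(ORIGIN) }
    raise ArgumentError, "no frame-ancestors source given" if sources.empty?
    raise ArgumentError, "invalid source: #{bad.inspect}" unless bad.empty?
    @directive = "frame-ancestors #{sources.join(' ')}"
  end

  def call(env)
    status, headers, body = @app.call(env)
    out = {}
    csp = nil
    headers.each do |name, value|
      case name.to_s.downcase
      when "x-frame-options" then next # superseded by frame-ancestors (CSP Level 2)
      when "content-security-policy" then csp = value.to_s
      else out[name] = value
      end
    end
    out["content-security-policy"] = merge(csp)
    [status, out, body]
  end

  private

  # Keep the app's other directives, replace any frame-ancestors it already set.
  def merge(existing)
    kept = existing.to_s.split(";").map(&:strip)
                   .reject { |d| d.empty? || d.match?(/\Aframe-ancestors(\s|\z)/i) }
    (kept << @directive).join("; ")
  end
end

# Constructed downstream app standing in for the Padrino application.
SAMPLE_APP = lambda do |_env|
  [200, { "X-Frame-Options" => "SAMEORIGIN",
          "Content-Security-Policy" => "default-src 'self'; frame-ancestors 'none'" },
   ["ok"]]
end
```

Listing explicit origins keeps clickjacking protection for every other site; browsers that do not implement CSP `frame-ancestors` get no framing restriction once `X-Frame-Options` is removed.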