module Lucky::SecureHeaders::SetFrameGuard

Overview

This module sets the HTTP header X-Frame-Options. It's job is responsible for deciding which site can call your site from within a frame. For more information, read up on Clickjacking.

Include this module in the actions you want to add this to. A required method #frame_guard_value must be defined`

class BrowserAction < Lucky::Action
  include Lucky::SecureHeaders::SetFrameGuard

  def frame_guard_value : String
    "deny"
  end
end

Options

The #frame_guard_value method must be defined and return a String It can have one of 3 String values:

"sameorigin"
"deny"
a valid URL e.g. "https://mysite.com"

Defined in:

lucky/secure_headers/set_frame_guard.cr

Instance Method Summary

#frame_guard_value : String

Instance Method Detail

abstract def frame_guard_value : String #

[View source]