sinatra / rack-protection

NOTE: This project has been merged upstream to sinatra/sinatra
https://github.com/sinatra/sinatra/tree/master/rack-protection

X-Frame-Options sameorigin case #25

Closed darscan closed 11 years ago

darscan commented 12 years ago

As far as I can tell the only valid values are DENY and SAMEORIGIN (uppercase).

http://redbot.org/ reports that sameorigin (lowercase) is an unknown X-Frame-Options value.

rkh commented 12 years ago

Well, the browsers support sameorigin, but we can change it.

darscan commented 12 years ago

It would be nice to get rid of that warning, but I'd say the priority is ultra-uber-low.
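
The distinction discussed in this thread, as an added example that is not part of the issue or of rack-protection's code: a small Ruby check that separates the uppercase values named in the first comment from case variants (which, per the reply, browsers accept but a linter flags) and from unknown values. The function names `classify_xfo` and `audit_xfo` and the sample header hashes are assumptions constructed for illustration.

```ruby
# Added example: audit an X-Frame-Options response header value.
# Only DENY and SAMEORIGIN are treated as canonical, as stated in the thread.
CANONICAL_XFO = %w[DENY SAMEORIGIN].freeze

# Returns :missing, :canonical, :case_variant or :unknown for one header value.
def classify_xfo(value)
  return :missing if value.nil?
  token = value.strip
  return :missing if token.empty?
  return :canonical if CANONICAL_XFO.include?(token)
  # Same token in another case: browsers accept it (per the thread),
  # but strict linters report it as an unknown value.
  return :case_variant if CANONICAL_XFO.include?(token.upcase)
  :unknown
end

# Looks up the header (names are case-insensitive) in a response header hash
# and returns the finding plus the uppercase form to emit, where one exists.
def audit_xfo(headers)
  pair = headers.find { |name, _| name.to_s.casecmp?("X-Frame-Options") }
  value = pair && pair[1]
  status = classify_xfo(value)
  suggestion = %i[canonical case_variant].include?(status) ? value.strip.upcase : nil
  { value: value, status: status, suggestion: suggestion }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample responses, not captured from a real server.
  samples = [
    { "X-Frame-Options" => "sameorigin" },
    { "x-frame-options" => "DENY" },
    { "X-Frame-Options" => "allowall" },
    { "Content-Type" => "text/html" }
  ]
  samples.each do |headers|
    result = audit_xfo(headers)
    puts format("%-12s value=%-14s suggest=%s",
                result[:status], result[:value].inspect, result[:suggestion].inspect)
  end
end
```

A `:case_variant` result corresponds to the low-priority warning in this issue, while `:unknown` and `:missing` mean the header is not providing a value the thread recognises at all.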