Author: rfm
Date: Wed Apr 19 14:47:25 2017
New Revision: 40488
URL: http://svn.gna.org/viewcvs/gnustep?rev=40488&view=rev
Log: explain what the new header is for
Modified: libs/webserver/trunk/WebServer.h Modified: libs/webserver/trunk/WebServer.h URL: http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.h?rev=40488&r1=40487&r2=40488&view=diff ============================================================================== --- libs/webserver/trunk/WebServer.h (original) +++ libs/webserver/trunk/WebServer.h Wed Apr 19 14:47:25 2017 @@ -370,7 +370,11 @@ * If this is not defined, the value <code>DENY</code> is used to prevent * responses from being presented inside frames.<br /> * If this is defined as an empty string, no X-Frame-Options header is set - * (unless application code explicitly sets the header in the response). + * (unless application code explicitly sets the header in the response).<br /> + * Unless you use this option (or your application code explicitly + * sets/removes the header), all responses will have the frame option DENY, + * which will at least tend to keep security auditors who are afraid of + * click-jacking attacks happy, even if it serves no other purpose. * </desc> * <term>WebServerHosts</term> * <desc>An array of host IP addresses to list the hosts permitted to _______________________________________________ Gnustep-cvs mailing list Gnustep-cvs@gna.org https://mail.gna.org/listinfo/gnustep-cvs
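Review bot: The added lines at the end of this `<desc>` entry ("which will at least tend to keep security auditors who are afraid of click-jacking attacks happy, even if it serves no other purpose") put an opinion into the API documentation and understate what the default does: a response carrying X-Frame-Options: DENY is one that browsers refuse to render inside a frame, which is the actual click-jacking mitigation. The new sentence also repeats the unchanged context two lines above it ("If this is not defined, the value DENY is used to prevent responses from being presented inside frames"). Suggest replacing the addition with a neutral statement of the practical consequence, for example that applications which need their pages embedded in frames must set this option (or set the header in the response) to something other than DENY, such as SAMEORIGIN, and that defining it as an empty string removes the protection entirely.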