Author: rfm
Date: Wed Apr 19 14:47:25 2017
New Revision: 40488

URL: http://svn.gna.org/viewcvs/gnustep?rev=40488&view=rev
Log:
explain what the new header is for

Modified:
    libs/webserver/trunk/WebServer.h

Modified: libs/webserver/trunk/WebServer.h
URL: http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.h?rev=40488&r1=40487&r2=40488&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.h    (original)
+++ libs/webserver/trunk/WebServer.h    Wed Apr 19 14:47:25 2017
@@ -370,7 +370,11 @@
  *   If this is not defined, the value <code>DENY</code> is used to prevent
  *   responses from being presented inside frames.<br />
  *   If this is defined as an empty string, no X-Frame-Options header is set
- *   (unless application code explicitly sets the header in the response).
+ *   (unless application code explicitly sets the header in the response).<br 
/>
+ *   Unless you use this option (or your application code explicitly
+ *   sets/removes the header), all responses will have the frame option DENY,
+ *   which will at least tend to keep security auditors who are afraid of
+ *   click-jacking attacks happy, even if it serves no other purpose.
  *   </desc>
  *   <term>WebServerHosts</term>
  *   <desc>An array of host IP addresses to list the hosts permitted to
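
Review bot: The closing clause of the added text ("which will at least tend to keep security auditors ... happy, even if it serves no other purpose") editorialises rather than documenting the behaviour, so a reader deciding whether to override the default learns nothing about the consequence. Suggest stating the effect directly: the default DENY prevents responses from being presented inside frames, which is the click-jacking defence, and the ways to opt out are defining the option as an empty string or setting the header in application code. The added text also says application code can set or remove the header ("sets/removes"), while the sentence just before it only mentions explicitly setting it; the two should agree on whether removal by application code is supported.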


_______________________________________________
Gnustep-cvs mailing list
Gnustep-cvs@gna.org
https://mail.gna.org/listinfo/gnustep-cvs
