From fec8dc94e1796bdbec8149606b0ade4538c04f0a Mon Sep 17 00:00:00 2001
From: DaveyWood
Date: Sat, 2 May 2020 15:03:11 -0400
Subject: [PATCH] fix typo

---
 docs/security-outro.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/security-outro.html b/docs/security-outro.html
index f151bfb..1be94d9 100644
--- a/docs/security-outro.html
+++ b/docs/security-outro.html
@@ -76,7 +76,7 @@

Miscellaneous

XSS, Sniffing, XFrame

Common security headers help ensure your web application is secure, whether you run it behind nginx or not.

Coast by default attempts to protect your web app from XSS attacks, unwanted iframe embeds, and content-type sniffing.

XSS

Coast by default passes this to app which results in the header X-XSS-Protection=1; mode=block being sent on every response.

{:security {:xss-protection {:enable? true, :mode :block}}}
-

No Sniff

The majority of modern browsers attempts to detect the Content-Type of a request by sniffing its content, meaning a file ending in .txt could be executed as JavaScript if it contains JavaScript code.

This behavior is disabled by default with the map:

{:security {:content-type-options :nosniff}}
+

No Sniff

The majority of modern browsers attempt to detect the Content-Type of a request by sniffing its content, meaning a file ending in .txt could be executed as JavaScript if it contains JavaScript code.

This behavior is disabled by default with the map:

{:security {:content-type-options :nosniff}}
 

XFrame

Coast also makes it easy for you to control the embed behavior of your website inside an iframe.

Available options are :deny, :same-origin or :allow-from [http://example.com]:

The default is :deny

{:security {:frame-options  :deny}}
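
Review bot: The changed No Sniff sentence still says browsers detect "the Content-Type of a request", but sniffing is applied to the response body the browser receives, so while this line is being edited, "request" should become "response". In the unchanged XSS context of the same hunk, the header is written as "X-XSS-Protection=1; mode=block"; writing it with a colon ("X-XSS-Protection: 1; mode=block") would match how the header appears on the wire. Neither point blocks the typo fix itself.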