Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default headers set in Caveman2 core should be optional #90

Open
fukamachi opened this issue Aug 29, 2016 · 0 comments
Open

Default headers set in Caveman2 core should be optional #90

fukamachi opened this issue Aug 29, 2016 · 0 comments

Comments

@fukamachi
Copy link
Owner

Caveman2 sets Cache-Control: private and X-Frame-Options: DENY by default in its core.
Those headers are recommended for security, however, they should be optional.

https://github.com/fukamachi/caveman/blob/master/v2/src/app.lisp#L74-L85

Moving the make-response to under skeleton/ possibly causes a security issue in running web sites. I'll notice before the update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant