PhoenixApiToolkit.Security.Plugs.put_security_headers
You're seeing just the function
put_security_headers
, go back to PhoenixApiToolkit.Security.Plugs module for more information.
Specs
put_security_headers(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
Adds security headers to the response as recommended for API's by OWASP. Sets
"x-frame-options": "deny"
and "x-content-type-options": "nosniff"
.
Examples
use Plug.Test
# it does what it says it does
iex> conn = conn(:get, "/")
iex> put_security_headers(conn).resp_headers -- conn.resp_headers
[{"x-frame-options", "deny"}, {"x-content-type-options", "nosniff"}]