plume/frame_options

X-Frame-Options

This response header indicates whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks by ensuring that their content is not embedded into other sites.

See the MDN docs.

Types

FrameOptions

</>

An X-Frame-Options header value.

pub type FrameOptions {
  Deny
  SameOrigin
}

Constructors

```
Deny
```
The page cannot be displayed in a frame, regardless of the site attempting to do so.
```
SameOrigin
```
The page can only be displayed in a frame on the same origin as the page itself. Plume default.

Values

to_string

</>

pub fn to_string(value: FrameOptions) -> String

Encode as the X-Frame-Options header value.