Apply suggestions from code review

github · Dec 6, 2024 · 399706f · 399706f
1 parent 869e8a6
commit 399706f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -92,7 +92,7 @@ end
 ```
 
 ### Deprecated Configuration Values
-* `block_all_mixed_content` - this value is deprecated in favor of `upgrade_insecure_requests`. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/content-security-policy/block-all-mixed-content for more information.
+* `block_all_mixed_content` - this value is deprecated in favor of `upgrade_insecure_requests`. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content for more information.
 
 ## Default values
 
@@ -101,11 +101,11 @@ All headers except for PublicKeyPins and ClearSiteData have a default value. The
 ```
 content-security-policy: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
 strict-transport-security: max-age=631138519
-X-Content-Type-Options: nosniff
+x-content-type-options: nosniff
 x-download-options: noopen
-X-Frame-Options: sameorigin
+x-frame-options: sameorigin
 x-permitted-cross-domain-policies: none
-X-Xss-Protection: 0
+x-xss-protection: 0
 ```
 
 ## API configurations

diff --git a/lib/secure_headers/railtie.rb b/lib/secure_headers/railtie.rb
@@ -4,11 +4,11 @@
   module SecureHeaders
     class Railtie < Rails::Railtie
       isolate_namespace SecureHeaders if defined? isolate_namespace # rails 3.0
-      conflicting_headers = ["X-Frame-Options", "X-XSS-Protection",
+      conflicting_headers = ["x-frame-options", "x-xss-protection",
                              "x-permitted-cross-domain-policies", "x-download-options",
-                             "X-Content-Type-Options", "strict-transport-security",
+                             "x-content-type-options", "strict-transport-security",
                              "content-security-policy", "content-security-policy-report-only",
-                             "Public-Key-Pins", "Public-Key-Pins-Report-Only", "referrer-policy"]
+                             "public-key-pins", "public-key-pins-report-only", "referrer-policy"]
 
       initializer "secure_headers.middleware" do
         Rails.application.config.middleware.insert_before 0, SecureHeaders::Middleware