lib/secure_headers/railtie.rb in secure_headers-2.0.0.pre2 vs lib/secure_headers/railtie.rb in secure_headers-2.0.0
@@ -1,12 +1,25 @@
# rails 3.1+
if defined?(Rails::Railtie)
module SecureHeaders
class Railtie < Rails::Engine
isolate_namespace ::SecureHeaders if defined? isolate_namespace # rails 3.0
+ conflicting_headers = ['X-Frame-Options', 'X-XSS-Protection', 'X-Content-Type-Options',
+ 'X-Permitted-Cross-Domain-Policies', 'X-Download-Options',
+ 'X-Content-Type-Options', 'Strict-Transport-Security',
+ 'Content-Security-Policy', 'Content-Security-Policy-Report-Only',
+ 'X-Permitted-Cross-Domain-Policies','Public-Key-Pins','Public-Key-Pins-Report-Only']
+
initializer "secure_headers.action_controller" do
ActiveSupport.on_load(:action_controller) do
include ::SecureHeaders
+
+ unless Rails.application.config.action_dispatch.default_headers.nil?
+ conflicting_headers.each do |header|
+ Rails.application.config.action_dispatch.default_headers.delete(header)
+ end
+ end
+
end
end
end
end
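Review bot: The `conflicting_headers` literal repeats two entries — 'X-Content-Type-Options' appears on its first line and again two lines later, and 'X-Permitted-Cross-Domain-Policies' on the second and last lines — and the last line lacks a space after the comma before 'Public-Key-Pins'; drop the duplicates and, since the array is never mutated, close it with `].freeze`. The `delete` loop inside `on_load(:action_controller)` removes the framework's own `default_headers` fallback (Rails ships X-Frame-Options, X-XSS-Protection and X-Content-Type-Options there), so any response on which SecureHeaders does not itself emit a replacement — a header opted out in the gem's configuration, if that is supported — would carry neither value; a comment such as `# Rails' default_headers would otherwise be merged under ours; after this, SecureHeaders is the only source of these headers` should make that trade-off explicit. The `unless ....nil?` guard is also more idiomatic as a local: `headers = Rails.application.config.action_dispatch.default_headers` followed by `conflicting_headers.each { |h| headers.delete(h) } if headers`. The enclosing `if defined?(Rails::Railtie)` block continues past the hunk.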
else