delete conflicting headers in initializer

Author: naiyt

lib/secure_headers.rb

@@ -157,19 +157,11 @@ def set_a_header(name, klass, options=nil)
     def set_header(name_or_header, value=nil)
       if name_or_header.is_a?(Header)
         header = name_or_header
-        if default_header?(header.name)
-          Rails.application.config.action_dispatch.default_headers[header.name] = header.value
-        else
-          response.headers[header.name] = header.value
-        end
+        response.headers[header.name] = header.value
       else
         response.headers[name_or_header] = value
       end
     end
-
-    def default_header?(name)
-      Rails.application.config.action_dispatch.default_headers.has_key?(name)
-    end
   end
 end
 

lib/secure_headers/railtie.rb

@@ -3,9 +3,15 @@
   module SecureHeaders
     class Railtie < Rails::Engine
       isolate_namespace ::SecureHeaders if defined? isolate_namespace # rails 3.0
+      conflicting_headers = ['X-Frame-Options', 'X-XSS-Protection', 'X-Content-Options']
       initializer "secure_headers.action_controller" do
         ActiveSupport.on_load(:action_controller) do
           include ::SecureHeaders
+
+          conflicting_headers.each do |header|
+            Rails.application.config.action_dispatch.default_headers.delete[header]
+          end
+
         end
       end
     end