From e0c29df00d77cad6ac2ed9e9c809062260a5627f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
 <rafael@rubyonrails.org>
Date: Thu, 6 Jan 2022 15:40:38 +0000
Subject: [PATCH] Document what the new default_headers will be [ci skip]

---
 guides/source/configuring.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 7116a5c4e29..f88234ef1f2 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -939,7 +939,6 @@ config.action_dispatch.default_headers = {
   'X-Frame-Options' => 'SAMEORIGIN',
   'X-XSS-Protection' => '1; mode=block',
   'X-Content-Type-Options' => 'nosniff',
-  'X-Download-Options' => 'noopen',
   'X-Permitted-Cross-Domain-Policies' => 'none',
   'Referrer-Policy' => 'strict-origin-when-cross-origin'
 }
@@ -1763,6 +1762,16 @@ Accepts a string for the HTML tag used to wrap attachments. Defaults to `"action
 
 #### For '7.1', defaults from previous versions below and:
 
+- `config.action_dispatch.default_headers`:
+
+    {
+      "X-Frame-Options" => "SAMEORIGIN",
+      "X-XSS-Protection" => "0",
+      "X-Content-Type-Options" => "nosniff",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
+    }
+
 
 #### For '7.0', defaults from previous versions below and: