Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
754b0838
Commit
754b0838
authored
Jun 03, 2014
by
GitLab
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Set x-frame-option to sameorigin to allow the Sidekiq iframe to display.
parent
d7960bca
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
2 additions
and
1 deletion
+2
-1
CHANGELOG
CHANGELOG
+1
-0
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-1
No files found.
CHANGELOG
View file @
754b0838
...
@@ -13,6 +13,7 @@ v 7.0.0
...
@@ -13,6 +13,7 @@ v 7.0.0
- Group masters can create projects in group
- Group masters can create projects in group
- Deprecate ruby 1.9.3 support
- Deprecate ruby 1.9.3 support
- Only masters can rewrite/remove git tags
- Only masters can rewrite/remove git tags
- Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
v 6.9.2
v 6.9.2
- Revert the commit that broke the LDAP user filter
- Revert the commit that broke the LDAP user filter
...
...
app/controllers/application_controller.rb
View file @
754b0838
...
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
...
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
end
end
def
default_headers
def
default_headers
headers
[
'X-Frame-Options'
]
=
'
DENY'
headers
[
'X-Frame-Options'
]
=
'
SAMEORIGIN'
# Allow for the Sidekiq iframe in /admin/background_jobs
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
headers
[
'X-UA-Compatible'
]
=
'IE=edge'
headers
[
'X-UA-Compatible'
]
=
'IE=edge'
headers
[
'X-Content-Type-Options'
]
=
'nosniff'
headers
[
'X-Content-Type-Options'
]
=
'nosniff'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment