Dont allow gitlab be loaded in iframe

85de55a1 · Dmitriy Zaporozhets · fac50387 · 85de55a1
Commit 85de55a1 authored Feb 02, 2013 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +5 -0

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
  before_filter :set_current_user_for_observers
  before_filter :add_abilities
  before_filter :dev_tools if Rails.env == 'development'
+  before_filter :default_headers

  protect_from_forgery

@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base
    Rack::MiniProfiler.authorize_request
  end

+  def default_headers
+    headers['X-Frame-Options'] = 'DENY'
+    headers['X-XSS-Protection'] = '1; mode=block'
+  end
 end