Commit 85de55a1 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Dont allow gitlab be loaded in iframe

parent fac50387
...@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base ...@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
before_filter :set_current_user_for_observers before_filter :set_current_user_for_observers
before_filter :add_abilities before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development' before_filter :dev_tools if Rails.env == 'development'
before_filter :default_headers
protect_from_forgery protect_from_forgery
...@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base ...@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base
Rack::MiniProfiler.authorize_request Rack::MiniProfiler.authorize_request
end end
def default_headers
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment