Commit 754b0838 authored by GitLab's avatar GitLab

Set x-frame-option to sameorigin to allow the Sidekiq iframe to display.

parent d7960bca
...@@ -13,6 +13,7 @@ v 7.0.0 ...@@ -13,6 +13,7 @@ v 7.0.0
- Group masters can create projects in group - Group masters can create projects in group
- Deprecate ruby 1.9.3 support - Deprecate ruby 1.9.3 support
- Only masters can rewrite/remove git tags - Only masters can rewrite/remove git tags
- Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
v 6.9.2 v 6.9.2
- Revert the commit that broke the LDAP user filter - Revert the commit that broke the LDAP user filter
......
...@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base ...@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
end end
def default_headers def default_headers
headers['X-Frame-Options'] = 'DENY' headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
headers['X-XSS-Protection'] = '1; mode=block' headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge' headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff' headers['X-Content-Type-Options'] = 'nosniff'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment