Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."

This reverts commit 754b0838. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.

Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."
This reverts commit 754b0838. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.
f758438e · GitLab · 754b0838 · f758438e · f758438e
Commit f758438e authored Jun 03, 2014 by GitLab
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

CHANGELOG CHANGELOG +0 -1

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,7 +13,6 @@ v 7.0.0
  - Group masters can create projects in group
  - Deprecate ruby 1.9.3 support
  - Only masters can rewrite/remove git tags
-  - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface

 v 6.9.2
  - Revert the commit that broke the LDAP user filter

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
  end

  def default_headers
-    headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
+    headers['X-Frame-Options'] = 'DENY'
    headers['X-XSS-Protection'] = '1; mode=block'
    headers['X-UA-Compatible'] = 'IE=edge'
    headers['X-Content-Type-Options'] = 'nosniff'