Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
94c96cd4
Commit
94c96cd4
authored
Dec 30, 2013
by
Marin Jankovski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
HTTP headers protect against MIME-sniffing, force https if enabled.
parent
e2dbe0fa
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
3 additions
and
0 deletions
+3
-0
CHANGELOG
CHANGELOG
+1
-0
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+2
-0
No files found.
CHANGELOG
View file @
94c96cd4
...
@@ -8,6 +8,7 @@ v 6.5.0
...
@@ -8,6 +8,7 @@ v 6.5.0
- Add project visibility icons to dashboard
- Add project visibility icons to dashboard
- Enable secure cookies if https used
- Enable secure cookies if https used
- Protect users/confirmation with rack_attack
- Protect users/confirmation with rack_attack
- Default HTTP headers to protect against MIME-sniffing, force https if enabled
v6.4.3
v6.4.3
- Don't use unicorn worker killer if PhusionPassenger is defined
- Don't use unicorn worker killer if PhusionPassenger is defined
...
...
app/controllers/application_controller.rb
View file @
94c96cd4
...
@@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base
...
@@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base
headers
[
'X-Frame-Options'
]
=
'DENY'
headers
[
'X-Frame-Options'
]
=
'DENY'
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
headers
[
'X-UA-Compatible'
]
=
'IE=edge'
headers
[
'X-UA-Compatible'
]
=
'IE=edge'
headers
[
'X-Content-Type-Options'
]
=
'nosniff'
headers
[
'Strict-Transport-Security'
]
=
'max-age=31536000; includeSubDomains'
if
Gitlab
.
config
.
gitlab
.
https
end
end
def
add_gon_variables
def
add_gon_variables
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment