Merge branch 'djadmin-fix-mermaid-sandbox-self-host' into 'master'

Allow self-hosted instances to render same-origin Iframe See merge request gitlab-org/gitlab!79043

Merge branch 'djadmin-fix-mermaid-sandbox-self-host' into 'master'
Allow self-hosted instances to render same-origin Iframe See merge request gitlab-org/gitlab!79043
6d809ce1 · Igor Drozdov · 6ce093b2 · 8db1c36c · 6d809ce1 · 6d809ce1
Commit 6d809ce1 authored Jan 25, 2022 by Igor Drozdov
Showing with 2 additions and 2 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -1

config/feature_flags/development/sandboxed_mermaid.yml config/feature_flags/development/sandboxed_mermaid.yml +1 -1

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base
  end

  def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN'
    headers['X-XSS-Protection'] = '1; mode=block'
    headers['X-UA-Compatible'] = 'IE=edge'
    headers['X-Content-Type-Options'] = 'nosniff'

--- a/config/feature_flags/development/sandboxed_mermaid.yml
+++ b/config/feature_flags/development/sandboxed_mermaid.yml
@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349755
 milestone: '14.7'
 type: development
 group: group::analyzer frontend
-default_enabled: false
+default_enabled: true