
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorDJ Mountney <david@twkie.net>2017-06-08 19:54:24 +0300
committerDJ Mountney <david@twkie.net>2017-06-08 19:54:24 +0300
commite1d1a5240c98a427f2ef10f2a7cbee0c9a883834 (patch)
tree522fe74f2e5bd2464fc793918e1b1d3327f8df0f
parent982368dc55bbd22f82bf908f8af220056202a65a (diff)
Merge branch 'dz-api-x-frame' into 'security-9-2'
Restrict API X-Frame-Options to same origin See merge request !2103
-rw-r--r--lib/api/api.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index 88f91c07194..d767af36e8e 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -45,6 +45,7 @@ module API
end
before { allow_access_with_scope :api }
+ before { header['X-Frame-Options'] = 'SAMEORIGIN' }
before { Gitlab::I18n.locale = current_user&.preferred_language }
after { Gitlab::I18n.use_default_locale }
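Review bot: The added `before { header['X-Frame-Options'] = 'SAMEORIGIN' }` only takes effect for requests that actually reach this hook, so a response produced before it runs or outside the normal endpoint path (for example by an exception handler) may go out without the header. Whether that happens cannot be seen from this hunk, because the enclosing block starts and ends outside it. A request spec asserting the header on a successful call and on an error response (such as a 401 or 404) would pin the behaviour this security fix relies on. A short comment above the line, e.g. `# Forbid cross-origin framing of API responses (clickjacking defence)`, would keep the reason visible to later maintainers.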