diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-11-01 12:25:49 +0300 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-11-09 07:11:18 +0300 |
| commit | 20ac30a705f4edd22efd934ecf68b58557f868db (patch) | |
| tree | 0057e7dbc3e7925bc8e0b3353fb460acb05f5478 /lib/api/api.rb | |
| parent | 89bd78352e4c575a0293f9c431dd677d288d28d2 (diff) | |
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Include X-Content-Type-Options (XCTO) header into API responses
See merge request gitlab/gitlabhq!2211
(cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
e087e075 Include X-Content-Type-Options (XCTO) header into API responses
Diffstat (limited to 'lib/api/api.rb')
| -rw-r--r-- | lib/api/api.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index c37e596eb9d..8094597d238 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -61,7 +61,10 @@ module API mount ::API::V3::Variables end - before { header['X-Frame-Options'] = 'SAMEORIGIN' } + before do + header['X-Frame-Options'] = 'SAMEORIGIN' + header['X-Content-Type-Options'] = 'nosniff' + end # The locale is set to the current user's locale when `current_user` is loaded after { Gitlab::I18n.use_default_locale } |