diff options
| author | Robert Speicher <robert@gitlab.com> | 2017-05-23 21:49:44 +0300 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-05-26 09:15:41 +0300 |
| commit | 34c6aee6e684a4eb9e5b040025836bb4abd83e82 (patch) | |
| tree | c2dd61d879c3b07e68dcf6fae4b54539a3a1bc1c /lib | |
| parent | 810cc51be37e03ebbe99711a53663956e4ffde8c (diff) | |
Merge branch 'dz-api-x-frame' into 'security-9-2'
Restrict API X-Frame-Options to same origin
See merge request !2103
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/api.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 1bf20f76ad6..6b78443cbcb 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -44,6 +44,7 @@ module API end before { allow_access_with_scope :api } + before { header['X-Frame-Options'] = 'SAMEORIGIN' } rescue_from Gitlab::Access::AccessDeniedError do rack_response({ 'message' => '403 Forbidden' }.to_json, 403) |