diff options
| author | Robert Speicher <robert@gitlab.com> | 2017-05-23 21:49:44 +0300 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-05-31 06:57:25 +0300 |
| commit | 88d0ccd551f0334304de665ece94ba9810c60de7 (patch) | |
| tree | ca2f8b129c6d370698544a070f9dea8c407bc087 /lib | |
| parent | 664ee81486a3205675cfadf3c98f9654d256f538 (diff) | |
Merge branch 'dz-api-x-frame' into 'security-9-2'
Restrict API X-Frame-Options to same origin
See merge request !2103
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/api.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 52cd7cbe3db..6f5f4283937 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -45,6 +45,7 @@ module API end before { allow_access_with_scope :api } + before { header['X-Frame-Options'] = 'SAMEORIGIN' } before { Gitlab::I18n.set_locale(current_user) } after { Gitlab::I18n.reset_locale } |