Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG1
-rw-r--r--app/controllers/application_controller.rb2
2 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 01dbcc3c688..25f10c15f5f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ v 6.5.0
- Add project visibility icons to dashboard
- Enable secure cookies if https used
- Protect users/confirmation with rack_attack
+ - Default HTTP headers to protect against MIME-sniffing, force https if enabled
v6.4.3
- Don't use unicorn worker killer if PhusionPassenger is defined
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0e714dbfcdf..cf14cd9a1df 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
+ headers['X-Content-Type-Options'] = 'nosniff'
+ headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
end
def add_gon_variables
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-11 22:50:38 +0300