Diffstat (limited to 'app/controllers/base_action_controller.rb')
-rw-r--r-- | app/controllers/base_action_controller.rb | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/app/controllers/base_action_controller.rb b/app/controllers/base_action_controller.rb
new file mode 100644
index 00000000000..af2c9e98778
--- /dev/null
+++ b/app/controllers/base_action_controller.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# GitLab lightweight base action controller
+#
+# This class should be limited to content that
+# is desired/required for *all* controllers in
+# GitLab.
+#
+# Most controllers inherit from `ApplicationController`.
+# Some controllers don't want or need all of that
+# logic and instead inherit from `ActionController::Base`.
+# This makes it difficult to set security headers and
+# handle other critical logic across *all* controllers.
+#
+# Between this controller and `ApplicationController`
+# no controller should ever inherit directly from
+# `ActionController::Base`
+#
+# rubocop:disable Rails/ApplicationController
+# rubocop:disable Gitlab/NamespacedClass
+class BaseActionController < ActionController::Base
+ before_action :security_headers
+
+ private
+
+ def security_headers
+ headers['Cross-Origin-Opener-Policy'] = 'same-origin' if ::Feature.enabled?(:coop_header)
+ end
+end
+# rubocop:enable Gitlab/NamespacedClass
+# rubocop:enable Rails/ApplicationController |
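Review bot: The rule in the class comment that no controller should inherit directly from `ActionController::Base` is only stated in this file, not enforced. Because `security_headers` is an ordinary `before_action`, a subclass that calls `skip_before_action :security_headers`, or a controller left on `ActionController::Base`, would respond without the header and nothing here would flag it. The diffstat is limited to this one file, so a cop or spec that checks the controller hierarchy may exist elsewhere in the commit; if it does not, one is worth adding alongside this class. I would also document the method so the flag dependency is visible to anyone auditing response headers, for example `# Sends Cross-Origin-Opener-Policy: same-origin, which severs window.opener links with cross-origin windows; only sent while the :coop_header feature flag is enabled.`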