From 9104dda057cc7f2c65f07e509013f3cff10db590 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 8 Feb 2022 16:54:12 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-7-stable-ee

---
 app/assets/javascripts/pages/admin/index.js          | 2 ++
 app/controllers/application_controller.rb            | 2 +-
 app/models/clusters/concerns/elasticsearch_client.rb | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/pages/admin/index.js b/app/assets/javascripts/pages/admin/index.js
index 8d5dfd689e8..f0f85b82e2b 100644
--- a/app/assets/javascripts/pages/admin/index.js
+++ b/app/assets/javascripts/pages/admin/index.js
@@ -1,8 +1,10 @@
+import initGitlabVersionCheck from '~/gitlab_version_check';
 import initAdminStatisticsPanel from '../../admin/statistics_panel/index';
 import initVueAlerts from '../../vue_alerts';
 import initAdmin from './admin';
 
 initVueAlerts();
+initGitlabVersionCheck();
 
 const statisticsPanelContainer = document.getElementById('js-admin-statistics-container');
 initAdmin();
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d3ecbdcc1f6..8e758c669db 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base
   end
 
   def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN'
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
diff --git a/app/models/clusters/concerns/elasticsearch_client.rb b/app/models/clusters/concerns/elasticsearch_client.rb
index 7b0b6bdae02..e9aab7897a8 100644
--- a/app/models/clusters/concerns/elasticsearch_client.rb
+++ b/app/models/clusters/concerns/elasticsearch_client.rb
@@ -15,7 +15,7 @@ module Clusters
 
           proxy_url = kube_client.proxy_url('service', service_name, ELASTICSEARCH_PORT, ELASTICSEARCH_NAMESPACE)
 
-          Elasticsearch::Client.new(url: proxy_url) do |faraday|
+          Elasticsearch::Client.new(url: proxy_url, adapter: :net_http) do |faraday|
             # ensures headers containing auth data are appended to original client options
             faraday.headers.merge!(kube_client.headers)
             # ensure TLS certs are properly verified
-- 
cgit v1.2.3