Skip to content
Snippets Groups Projects
Commit 85de55a1 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files

Dont allow gitlab be loaded in iframe

parent fac50387
No related branches found
No related tags found
1 merge request!2940Expanding repos and hooks paths in settings
Hide whitespace changes
Inline Side-by-side
app/controllers/application_controller.rb
+ 5
0
View file @ 85de55a1
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
before_filter :set_current_user_for_observers
before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development'
before_filter :default_headers
 
protect_from_forgery
 
@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base
Rack::MiniProfiler.authorize_request
end
 
def default_headers
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment