Skip to content
Snippets Groups Projects
Commit e1d1a524 authored by DJ Mountney's avatar DJ Mountney
Browse files

Merge branch 'dz-api-x-frame' into 'security-9-2' 

Restrict API X-Frame-Options to same origin

See merge request !2103
parent 982368dc
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
lib/api/api.rb
+ 1
0
View file @ e1d1a524
@@ -45,6 +45,7 @@ module API
end
 
before { allow_access_with_scope :api }
before { header['X-Frame-Options'] = 'SAMEORIGIN' }
before { Gitlab::I18n.locale = current_user&.preferred_language }
 
after { Gitlab::I18n.use_default_locale }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment