diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-12-30 10:19:33 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-12-30 10:19:33 +0000 |
| commit | 24820d5eef31ea688ad7191722c02579240bf669 (patch) | |
| tree | 86a1b591298643343293c7a5b6761be2715058b4 | |
| parent | e2dbe0fad7f04826bde06ae9e8d16ca0bc8a2ce2 (diff) | |
| parent | 94c96cd4458b89e3280fec8cc8ed42a69e063191 (diff) | |
| download | gitlab-ce-24820d5eef31ea688ad7191722c02579240bf669.tar.gz | |
Merge branch 'useful_http_headers' of /home/git/repositories/gitlab/gitlabhq
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 01dbcc3c688..25f10c15f5f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,7 @@ v 6.5.0 - Add project visibility icons to dashboard - Enable secure cookies if https used - Protect users/confirmation with rack_attack + - Default HTTP headers to protect against MIME-sniffing, force https if enabled v6.4.3 - Don't use unicorn worker killer if PhusionPassenger is defined diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0e714dbfcdf..cf14cd9a1df 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base headers['X-Frame-Options'] = 'DENY' headers['X-XSS-Protection'] = '1; mode=block' headers['X-UA-Compatible'] = 'IE=edge' + headers['X-Content-Type-Options'] = 'nosniff' + headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https end def add_gon_variables |