Dont allow gitlab be loaded in iframe

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-02 20:32:13 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-02 20:32:13 +0200
commit: 85de55a120a615f8cf51a343a89789b802d776e2 (patch)
tree: 749deeb285d27f9c7e9a148bf18deaddd452d5e3
parent: fac503877dbd3541009a30c8b9353d6eef85b059 (diff)
download: gitlab-ce-85de55a120a615f8cf51a343a89789b802d776e2.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74125e3308a..ca2a5623f42 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
   before_filter :set_current_user_for_observers
   before_filter :add_abilities
   before_filter :dev_tools if Rails.env == 'development'
+  before_filter :default_headers
 
   protect_from_forgery
 
@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base
     Rack::MiniProfiler.authorize_request
   end
 
+  def default_headers
+    headers['X-Frame-Options'] = 'DENY'
+    headers['X-XSS-Protection'] = '1; mode=block'
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-02 20:32:13 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-02 20:32:13 +0200
commit	85de55a120a615f8cf51a343a89789b802d776e2 (patch)
tree	749deeb285d27f9c7e9a148bf18deaddd452d5e3
parent	fac503877dbd3541009a30c8b9353d6eef85b059 (diff)
download	gitlab-ce-85de55a120a615f8cf51a343a89789b802d776e2.tar.gz