diff options
| author | Sebastian Ziebell <sebastian.ziebell@asquera.de> | 2013-02-08 10:32:42 +0100 |
|---|---|---|
| committer | Sebastian Ziebell <sebastian.ziebell@asquera.de> | 2013-02-08 10:32:42 +0100 |
| commit | 8045a81bcf5822f1992442750e1484a93c368229 (patch) | |
| tree | 94ce2b257f3ba002ac1a0fde70b69b622304810d /app/controllers/application_controller.rb | |
| parent | 5d8a99f10429168e6471fdd1843f5045a10a84b3 (diff) | |
| parent | 2f0a75ab77af430f682d67aa9bb865007d832795 (diff) | |
| download | gitlab-ce-8045a81bcf5822f1992442750e1484a93c368229.tar.gz | |
Merge branch 'master' into fixes/api
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 74125e3308a..1f211bac9c2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -4,16 +4,12 @@ class ApplicationController < ActionController::Base before_filter :set_current_user_for_observers before_filter :add_abilities before_filter :dev_tools if Rails.env == 'development' + before_filter :default_headers protect_from_forgery helper_method :abilities, :can? - rescue_from Gitlab::Gitolite::AccessDenied do |exception| - log_exception(exception) - render "errors/gitolite", layout: "errors", status: 500 - end - rescue_from Encoding::CompatibilityError do |exception| log_exception(exception) render "errors/encoding", layout: "errors", status: 500 @@ -148,4 +144,8 @@ class ApplicationController < ActionController::Base Rack::MiniProfiler.authorize_request end + def default_headers + headers['X-Frame-Options'] = 'DENY' + headers['X-XSS-Protection'] = '1; mode=block' + end end |