Merge branch 'master' into 33466-jobs-navigation-menu33466-jobs-navigation-menu

* master: Clarify API V5 being a compatability layer on top of GraphQL Update per discussion Use RequestStore on MR show.json query count spec Merge branch '25934-project-snippet-vis' into 'security-9-2' Merge branch 'dz-api-x-frame' into 'security-9-2' Merge branch 'dz-restrict-autocomplete' into 'security-9-1' Merge branch 'cherry-pick-dc2ac993' into 'security-9-2' Update rename_system_namespace_spec to new validations. Make the uploader use the updated folder Bring in security changes from the 9.2.5 release Bring in security changes from the 9.2.5 release GitLab GEO also does not support mysql replication
author: Filipa Lacerda <filipa@gitlab.com> 2017-06-08 22:49:14 +0100
committer: Filipa Lacerda <filipa@gitlab.com> 2017-06-08 22:49:14 +0100
commit: 08aff6fb92e8e59d6a818342201ecbbeee19dbe0 (patch)
tree: 1330be3b351e6d7b1375659f8e32113c8979fb55 /lib/api/api.rb
parent: 081f48fb0641758acc524d9e171784a9a6923b5a (diff)
parent: edd8d91194ce79cb5d77973c40436b98eb4d97fc (diff)
download: gitlab-ce-33466-jobs-navigation-menu.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index 88f91c07194..d767af36e8e 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -45,6 +45,7 @@ module API
     end
 
     before { allow_access_with_scope :api }
+    before { header['X-Frame-Options'] = 'SAMEORIGIN' }
     before { Gitlab::I18n.locale = current_user&.preferred_language }
 
     after { Gitlab::I18n.use_default_locale }
author	Filipa Lacerda <filipa@gitlab.com>	2017-06-08 22:49:14 +0100
committer	Filipa Lacerda <filipa@gitlab.com>	2017-06-08 22:49:14 +0100
commit	08aff6fb92e8e59d6a818342201ecbbeee19dbe0 (patch)
tree	1330be3b351e6d7b1375659f8e32113c8979fb55 /lib/api/api.rb
parent	081f48fb0641758acc524d9e171784a9a6923b5a (diff)
parent	edd8d91194ce79cb5d77973c40436b98eb4d97fc (diff)
download	gitlab-ce-33466-jobs-navigation-menu.tar.gz