Merge commit '7fabc892f251740dbd9a4755baede662e6854870' into object-storage-ee-to-ce-backport

author: Kamil Trzciński <ayufan@ayufan.eu> 2018-02-28 20:36:55 +0100
committer: Kamil Trzciński <ayufan@ayufan.eu> 2018-02-28 20:36:55 +0100
commit: 965dc28691e2d70b7040e28d90ccbc3721a9e416 (patch)
tree: 84258f35b72f2e7ce6a7198db66032df4ad5aadb /lib/api/api.rb
parent: e3fafa7632e038927085cf8c8228c93be44b36bd (diff)
parent: 7fabc892f251740dbd9a4755baede662e6854870 (diff)
download: gitlab-ce-965dc28691e2d70b7040e28d90ccbc3721a9e416.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index c37e596eb9d..8094597d238 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -61,7 +61,10 @@ module API
       mount ::API::V3::Variables
     end
 
-    before { header['X-Frame-Options'] = 'SAMEORIGIN' }
+    before do
+      header['X-Frame-Options'] = 'SAMEORIGIN'
+      header['X-Content-Type-Options'] = 'nosniff'
+    end
 
     # The locale is set to the current user's locale when `current_user` is loaded
     after { Gitlab::I18n.use_default_locale }
author	Kamil Trzciński <ayufan@ayufan.eu>	2018-02-28 20:36:55 +0100
committer	Kamil Trzciński <ayufan@ayufan.eu>	2018-02-28 20:36:55 +0100
commit	965dc28691e2d70b7040e28d90ccbc3721a9e416 (patch)
tree	84258f35b72f2e7ce6a7198db66032df4ad5aadb /lib/api/api.rb
parent	e3fafa7632e038927085cf8c8228c93be44b36bd (diff)
parent	7fabc892f251740dbd9a4755baede662e6854870 (diff)
download	gitlab-ce-965dc28691e2d70b7040e28d90ccbc3721a9e416.tar.gz