diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-11-01 09:25:49 +0000 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-11-08 20:11:18 -0800 |
| commit | 20ac30a705f4edd22efd934ecf68b58557f868db (patch) | |
| tree | 0057e7dbc3e7925bc8e0b3353fb460acb05f5478 /lib/api | |
| parent | 89bd78352e4c575a0293f9c431dd677d288d28d2 (diff) | |
| download | gitlab-ce-20ac30a705f4edd22efd934ecf68b58557f868db.tar.gz | |
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Include X-Content-Type-Options (XCTO) header into API responses
See merge request gitlab/gitlabhq!2211
(cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
e087e075 Include X-Content-Type-Options (XCTO) header into API responses
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index c37e596eb9d..8094597d238 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -61,7 +61,10 @@ module API mount ::API::V3::Variables end - before { header['X-Frame-Options'] = 'SAMEORIGIN' } + before do + header['X-Frame-Options'] = 'SAMEORIGIN' + header['X-Content-Type-Options'] = 'nosniff' + end # The locale is set to the current user's locale when `current_user` is loaded after { Gitlab::I18n.use_default_locale } |