diff options
| author | DJ Mountney <david@twkie.net> | 2017-06-08 09:54:24 -0700 |
|---|---|---|
| committer | DJ Mountney <david@twkie.net> | 2017-06-08 09:54:24 -0700 |
| commit | e1d1a5240c98a427f2ef10f2a7cbee0c9a883834 (patch) | |
| tree | 522fe74f2e5bd2464fc793918e1b1d3327f8df0f /lib | |
| parent | 982368dc55bbd22f82bf908f8af220056202a65a (diff) | |
| download | gitlab-ce-e1d1a5240c98a427f2ef10f2a7cbee0c9a883834.tar.gz | |
Merge branch 'dz-api-x-frame' into 'security-9-2'
Restrict API X-Frame-Options to same origin
See merge request !2103
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/api.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 88f91c07194..d767af36e8e 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -45,6 +45,7 @@ module API end before { allow_access_with_scope :api } + before { header['X-Frame-Options'] = 'SAMEORIGIN' } before { Gitlab::I18n.locale = current_user&.preferred_language } after { Gitlab::I18n.use_default_locale } |