summaryrefslogtreecommitdiff
path: root/app/controllers/application_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb10
1 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74125e3308a..1f211bac9c2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,16 +4,12 @@ class ApplicationController < ActionController::Base
before_filter :set_current_user_for_observers
before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development'
+ before_filter :default_headers
protect_from_forgery
helper_method :abilities, :can?
- rescue_from Gitlab::Gitolite::AccessDenied do |exception|
- log_exception(exception)
- render "errors/gitolite", layout: "errors", status: 500
- end
-
rescue_from Encoding::CompatibilityError do |exception|
log_exception(exception)
render "errors/encoding", layout: "errors", status: 500
@@ -148,4 +144,8 @@ class ApplicationController < ActionController::Base
Rack::MiniProfiler.authorize_request
end
+ def default_headers
+ headers['X-Frame-Options'] = 'DENY'
+ headers['X-XSS-Protection'] = '1; mode=block'
+ end
end
View Lorry Controller Status