Set x-frame-option to sameorigin to allow the Sidekiq iframe to display.

GitLab
1 parent d7960bca
Showing 2 changed files with 2 additions and 1 deletions Show diff stats
CHANGELOG
app/controllers/application_controller.rb
@@ -13,6 +13,7 @@ v 7.0.0
   - Group masters can create projects in group
   - Deprecate ruby 1.9.3 support
   - Only masters can rewrite/remove git tags
+  - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
  
 v 6.9.2
   - Revert the commit that broke the LDAP user filter
@@ -164,7 +164,7 @@ class ApplicationController &lt; ActionController::Base
   end
  
   def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
...	...	@@ -13,6 +13,7 @@ v 7.0.0
13	13	- Group masters can create projects in group
14	14	- Deprecate ruby 1.9.3 support
15	15	- Only masters can rewrite/remove git tags
	16	+ - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
16	17
17	18	v 6.9.2
18	19	- Revert the commit that broke the LDAP user filter
...	...
...	...	@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
164	164	end
165	165
166	166	def default_headers
167		- headers['X-Frame-Options'] = 'DENY'
	167	+ headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
168	168	headers['X-XSS-Protection'] = '1; mode=block'
169	169	headers['X-UA-Compatible'] = 'IE=edge'
170	170	headers['X-Content-Type-Options'] = 'nosniff'
...	...