Commit 754b0838e0c2857b0ca73d2ced675ed5b3042242
1 parent
d7960bca
Exists in
spb-stable
and in
2 other branches
Set x-frame-option to sameorigin to allow the Sidekiq iframe to display.
Showing
2 changed files
with
2 additions
and
1 deletions
Show diff stats
CHANGELOG
| @@ -13,6 +13,7 @@ v 7.0.0 | @@ -13,6 +13,7 @@ v 7.0.0 | ||
| 13 | - Group masters can create projects in group | 13 | - Group masters can create projects in group |
| 14 | - Deprecate ruby 1.9.3 support | 14 | - Deprecate ruby 1.9.3 support |
| 15 | - Only masters can rewrite/remove git tags | 15 | - Only masters can rewrite/remove git tags |
| 16 | + - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface | ||
| 16 | 17 | ||
| 17 | v 6.9.2 | 18 | v 6.9.2 |
| 18 | - Revert the commit that broke the LDAP user filter | 19 | - Revert the commit that broke the LDAP user filter |
app/controllers/application_controller.rb
| @@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base | @@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base | ||
| 164 | end | 164 | end |
| 165 | 165 | ||
| 166 | def default_headers | 166 | def default_headers |
| 167 | - headers['X-Frame-Options'] = 'DENY' | 167 | + headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs |
| 168 | headers['X-XSS-Protection'] = '1; mode=block' | 168 | headers['X-XSS-Protection'] = '1; mode=block' |
| 169 | headers['X-UA-Compatible'] = 'IE=edge' | 169 | headers['X-UA-Compatible'] = 'IE=edge' |
| 170 | headers['X-Content-Type-Options'] = 'nosniff' | 170 | headers['X-Content-Type-Options'] = 'nosniff' |