Dont allow gitlab be loaded in iframe

Dmitriy Zaporozhets
1 parent fac50387
Showing 1 changed file with 5 additions and 0 deletions Show diff stats
app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController &lt; ActionController::Base
   before_filter :set_current_user_for_observers
   before_filter :add_abilities
   before_filter :dev_tools if Rails.env == 'development'
+  before_filter :default_headers
  
   protect_from_forgery
  
@@ -148,4 +149,8 @@ class ApplicationController &lt; ActionController::Base
     Rack::MiniProfiler.authorize_request
   end
  
+  def default_headers
+    headers['X-Frame-Options'] = 'DENY'
+    headers['X-XSS-Protection'] = '1; mode=block'
+  end
 end
...	...	@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
4	4	before_filter :set_current_user_for_observers
5	5	before_filter :add_abilities
6	6	before_filter :dev_tools if Rails.env == 'development'
	7	+ before_filter :default_headers
7	8
8	9	protect_from_forgery
9	10
...	...	@@ -148,4 +149,8 @@ class ApplicationController < ActionController::Base
148	149	Rack::MiniProfiler.authorize_request
149	150	end
150	151
	152	+ def default_headers
	153	+ headers['X-Frame-Options'] = 'DENY'
	154	+ headers['X-XSS-Protection'] = '1; mode=block'
	155	+ end
151	156	end
...	...