Commit f758438ed5de9e8ccf2d91131626610787470b00
1 parent
754b0838
Exists in
spb-stable
and in
2 other branches
Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."
This reverts commit 754b0838e0c2857b0ca73d2ced675ed5b3042242. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.
Showing
2 changed files
with
1 additions
and
2 deletions
Show diff stats
CHANGELOG
| @@ -13,7 +13,6 @@ v 7.0.0 | @@ -13,7 +13,6 @@ v 7.0.0 | ||
| 13 | - Group masters can create projects in group | 13 | - Group masters can create projects in group |
| 14 | - Deprecate ruby 1.9.3 support | 14 | - Deprecate ruby 1.9.3 support |
| 15 | - Only masters can rewrite/remove git tags | 15 | - Only masters can rewrite/remove git tags |
| 16 | - - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface | ||
| 17 | 16 | ||
| 18 | v 6.9.2 | 17 | v 6.9.2 |
| 19 | - Revert the commit that broke the LDAP user filter | 18 | - Revert the commit that broke the LDAP user filter |
app/controllers/application_controller.rb
| @@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base | @@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base | ||
| 164 | end | 164 | end |
| 165 | 165 | ||
| 166 | def default_headers | 166 | def default_headers |
| 167 | - headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs | 167 | + headers['X-Frame-Options'] = 'DENY' |
| 168 | headers['X-XSS-Protection'] = '1; mode=block' | 168 | headers['X-XSS-Protection'] = '1; mode=block' |
| 169 | headers['X-UA-Compatible'] = 'IE=edge' | 169 | headers['X-UA-Compatible'] = 'IE=edge' |
| 170 | headers['X-Content-Type-Options'] = 'nosniff' | 170 | headers['X-Content-Type-Options'] = 'nosniff' |