Skip to content

G
gitlab-ce
Commit 24820d5e authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files
Options

Merge branch 'useful_http_headers' of /home/git/repositories/gitlab/gitlabhq

parents e2dbe0fa 94c96cd4
Show whitespace changes
Inline Side-by-side
Showing with 3 additions and 0 deletions
CHANGELOG
View file @ 24820d5e
...@@ -8,6 +8,7 @@ v 6.5.0 ...@@ -8,6 +8,7 @@ v 6.5.0
- Add project visibility icons to dashboard - Add project visibility icons to dashboard
- Enable secure cookies if https used - Enable secure cookies if https used
- Protect users/confirmation with rack_attack - Protect users/confirmation with rack_attack
- Default HTTP headers to protect against MIME-sniffing, force https if enabled
v6.4.3 v6.4.3
- Don't use unicorn worker killer if PhusionPassenger is defined - Don't use unicorn worker killer if PhusionPassenger is defined
......
app/controllers/application_controller.rb
View file @ 24820d5e
...@@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base ...@@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base
headers['X-Frame-Options'] = 'DENY' headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block' headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge' headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
end end
def add_gon_variables def add_gon_variables
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7