Re-enable sanboxed mermaid FF with a fix

This fixes an issue with rendering sandboxed mermaid diagrams for self-hosted instances without CSP enabled - Update X-Frame-Options to use SAMEORIGIN - Enable :sandbxoed_mermaid flag by default Changelog: added

Re-enable sanboxed mermaid FF with a fix
This fixes an issue with rendering sandboxed mermaid diagrams for self-hosted instances without CSP enabled - Update X-Frame-Options to use SAMEORIGIN - Enable :sandbxoed_mermaid flag by default Changelog: added
8db1c36c · Dheeraj Joshi · bd3bbc05 · 8db1c36c · 8db1c36c
Commit 8db1c36c authored Jan 25, 2022 by Dheeraj Joshi
Showing with 2 additions and 2 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -1

config/feature_flags/development/sandboxed_mermaid.yml config/feature_flags/development/sandboxed_mermaid.yml +1 -1

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base
  end

  def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN'
    headers['X-XSS-Protection'] = '1; mode=block'
    headers['X-UA-Compatible'] = 'IE=edge'
    headers['X-Content-Type-Options'] = 'nosniff'

--- a/config/feature_flags/development/sandboxed_mermaid.yml
+++ b/config/feature_flags/development/sandboxed_mermaid.yml
@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349755
 milestone: '14.7'
 type: development
 group: group::analyzer frontend
-default_enabled: false
+default_enabled: true