Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."

This reverts commit 754b0838. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.

Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."
This reverts commit 754b0838. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.
f758438e · GitLab · 754b0838 · f758438e · f758438e
隐藏空白更改
内联并排

Showing with 1 addition and 2 deletion

CHANGELOG CHANGELOG +0 -1

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -1

未找到文件。
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,7 +13,6 @@ v 7.0.0
  - Group masters can create projects in group
  - Deprecate ruby 1.9.3 support
  - Only masters can rewrite/remove git tags
-  - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface

 v 6.9.2
  - Revert the commit that broke the LDAP user filter

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
  end

  def default_headers
-    headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
+    headers['X-Frame-Options'] = 'DENY'
    headers['X-XSS-Protection'] = '1; mode=block'
    headers['X-UA-Compatible'] = 'IE=edge'
    headers['X-Content-Type-Options'] = 'nosniff'