HTTP headers protect against MIME-sniffing, force https if enabled.
This commit is contained in:
parent
e2dbe0fad7
commit
94c96cd445
|
@ -8,6 +8,7 @@ v 6.5.0
|
|||
- Add project visibility icons to dashboard
|
||||
- Enable secure cookies if https used
|
||||
- Protect users/confirmation with rack_attack
|
||||
- Default HTTP headers to protect against MIME-sniffing, force https if enabled
|
||||
|
||||
v6.4.3
|
||||
- Don't use unicorn worker killer if PhusionPassenger is defined
|
||||
|
|
|
@ -161,6 +161,8 @@ class ApplicationController < ActionController::Base
|
|||
headers['X-Frame-Options'] = 'DENY'
|
||||
headers['X-XSS-Protection'] = '1; mode=block'
|
||||
headers['X-UA-Compatible'] = 'IE=edge'
|
||||
headers['X-Content-Type-Options'] = 'nosniff'
|
||||
headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
|
||||
end
|
||||
|
||||
def add_gon_variables
|
||||
|
|
Loading…
Reference in New Issue