Merge branch 'dz-api-x-frame' into 'security-9-2'
Restrict API X-Frame-Options to same origin See merge request !2103
This commit is contained in:
parent
982368dc55
commit
e1d1a5240c
|
@ -45,6 +45,7 @@ module API
|
|||
end
|
||||
|
||||
before { allow_access_with_scope :api }
|
||||
before { header['X-Frame-Options'] = 'SAMEORIGIN' }
|
||||
before { Gitlab::I18n.locale = current_user&.preferred_language }
|
||||
|
||||
after { Gitlab::I18n.use_default_locale }
|
||||
|
|
Loading…
Reference in New Issue