Skip to content

Commit

Permalink
HTTP headers protect against MIME-sniffing, force https if enabled.
Browse files Browse the repository at this point in the history
  • Loading branch information
@maxlazio
maxlazio committed Dec 30, 2013
1 parent e2dbe0f commit 94c96cd
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ v 6.5.0
- Add project visibility icons to dashboard
- Enable secure cookies if https used
- Protect users/confirmation with rack_attack
- Default HTTP headers to protect against MIME-sniffing, force https if enabled

v6.4.3
- Don't use unicorn worker killer if PhusionPassenger is defined
Expand Down
2 changes: 2 additions & 0 deletions app/controllers/application_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,8 @@ def default_headers
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
end

def add_gon_variables
Expand Down

0 comments on commit 94c96cd

Please sign in to comment.