Set x-frame-option to sameorigin to allow the Sidekiq iframe to display.

author: GitLab <gitlab@localhost> 2014-06-03 15:17:08 +0200
committer: GitLab <gitlab@localhost> 2014-06-03 15:17:08 +0200
commit: 754b0838e0c2857b0ca73d2ced675ed5b3042242 (patch)
tree: bfc9534b2b6e444348eb51715493cd0ba57b32c4
parent: d7960bca8d2dbc67d369e70fee468364c4850481 (diff)
download: gitlab-ce-754b0838e0c2857b0ca73d2ced675ed5b3042242.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 97d1299bae6..53db2dc2dc6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 7.0.0
   - Group masters can create projects in group
   - Deprecate ruby 1.9.3 support
   - Only masters can rewrite/remove git tags
+  - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
 
 v 6.9.2
   - Revert the commit that broke the LDAP user filter
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2730e9942ec..efb7ad2de18 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
   end
 
   def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
author	GitLab <gitlab@localhost>	2014-06-03 15:17:08 +0200
committer	GitLab <gitlab@localhost>	2014-06-03 15:17:08 +0200
commit	754b0838e0c2857b0ca73d2ced675ed5b3042242 (patch)
tree	bfc9534b2b6e444348eb51715493cd0ba57b32c4
parent	d7960bca8d2dbc67d369e70fee468364c4850481 (diff)
download	gitlab-ce-754b0838e0c2857b0ca73d2ced675ed5b3042242.tar.gz