author GitLab <gitlab@localhost> 2014-06-03 15:44:46 +0200
committer GitLab <gitlab@localhost> 2014-06-03 15:44:46 +0200
commit f758438ed5de9e8ccf2d91131626610787470b00
tree f67e2ff587a01691615cfc9e6df66cc9ab674851
parent 754b0838e0c2857b0ca73d2ced675ed5b3042242
Revert "Set x-frame-option to sameorigin to allow the Sidekiq iframe to display."
This reverts commit 754b0838e0c2857b0ca73d2ced675ed5b3042242. Sidekiq rendered via mounted sinatra app. We don't need to change controller headers. It won't affect sidekiq at all. Please modify nginx config instead for all gitlab app.
-rw-r--r-- CHANGELOG 1
-rw-r--r-- app/controllers/application_controller.rb 2
2 files changed, 1 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 53db2dc2dc6..97d1299bae6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,7 +13,6 @@ v 7.0.0
- Group masters can create projects in group
- Deprecate ruby 1.9.3 support
- Only masters can rewrite/remove git tags
- - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
v 6.9.2
- Revert the commit that broke the LDAP user filter
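Review bot: Dropping the X-Frame-Options entry under v 7.0.0 leaves CHANGELOG with no trace of the guidance given in the commit message, namely that framing of the Sidekiq interface is to be handled in the nginx config rather than in the controller. If administrators are expected to act on that, a short replacement entry under v 7.0.0 or a pointer to the nginx documentation would save them from having to find it in the commit log.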
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index efb7ad2de18..2730e9942ec 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
end
def default_headers
- headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
+ headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
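Review bot: The restored `headers['X-Frame-Options'] = 'DENY'` line in default_headers drops the old explanatory comment and gains none, although the reasoning in the commit message is exactly what a future reader needs at this spot: the header is set only on responses that pass through ApplicationController, so the mounted Sidekiq app is not affected by it. A one-line comment saying so would keep the next person from switching this back to SAMEORIGIN for the same reason. It would also help to note that any relaxation made in the proxy config should be scoped to the Sidekiq mount rather than applied to the whole app, since a global SAMEORIGIN would loosen framing protection on every page. A controller spec asserting the header value would pin the default.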