summaryrefslogtreecommitdiff
path: root/config/application.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-28 09:08:30 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-28 09:08:30 +0000
commit132dd28342c2bcbd42475f9dffc60dff12ffb8a6 (patch)
tree4c60a8801a24b49921eb7480a61674e422231d1f /config/application.rb
parentdcc65c870d1f8c8fb697a46c2d61f1cef7b9fd3a (diff)
downloadgitlab-ce-132dd28342c2bcbd42475f9dffc60dff12ffb8a6.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'config/application.rb')
-rw-r--r--config/application.rb3
1 files changed, 3 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 5c4eb8f5dff..a135bef342a 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -24,6 +24,7 @@ module Gitlab
require_dependency Rails.root.join('lib/gitlab/current_settings')
require_dependency Rails.root.join('lib/gitlab/middleware/read_only')
require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check')
+ require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies')
require_dependency Rails.root.join('lib/gitlab/runtime')
# Settings in config/environments/* take precedence over those specified here.
@@ -231,6 +232,8 @@ module Gitlab
config.middleware.insert_after Warden::Manager, Rack::Attack
+ config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies
+
# Allow access to GitLab API from other domains
config.middleware.insert_before Warden::Manager, Rack::Cors do
headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size]
View Lorry Controller Status