Merge pull request #7558 from bbodenmiller/patch-4

change X-Frame-Options to SAMEORIGIN for nginx SSL config
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-08-23 23:50:09 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-08-23 23:50:09 +0300
commit: eddfdc9eddd89040eb1b7067c2e78fcb9185f4c6 (patch)
tree: 9c2be2050dc85330bbf2a25a732b790964f872c8 /lib/support
parent: 3cbacad86c2eac40fb1f41cf6afffb7ac53a881e (diff)
parent: a3953a46f401e075c4319a49cf4c88825d78ce17 (diff)
download: gitlab-ce-eddfdc9eddd89040eb1b7067c2e78fcb9185f4c6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 91da0247515..90b4282b1fd 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -84,7 +84,7 @@ server {
   ssl_prefer_server_ciphers   on;
 
   add_header Strict-Transport-Security max-age=63072000;
-  add_header X-Frame-Options DENY;
+  add_header X-Frame-Options SAMEORIGIN;
   add_header X-Content-Type-Options nosniff;
 
   ## Individual nginx logs for this GitLab vhost
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-08-23 23:50:09 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-08-23 23:50:09 +0300
commit	eddfdc9eddd89040eb1b7067c2e78fcb9185f4c6 (patch)
tree	9c2be2050dc85330bbf2a25a732b790964f872c8 /lib/support
parent	3cbacad86c2eac40fb1f41cf6afffb7ac53a881e (diff)
parent	a3953a46f401e075c4319a49cf4c88825d78ce17 (diff)
download	gitlab-ce-eddfdc9eddd89040eb1b7067c2e78fcb9185f4c6.tar.gz