Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 63fc146f1d1..362b03e0d5e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -183,7 +183,10 @@ class ApplicationController < ActionController::Base
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
- headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
+ # Enabling HSTS for non-standard ports would send clients to the wrong port
+ if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
+ headers['Strict-Transport-Security'] = 'max-age=31536000'
+ end
end
def add_gon_variables
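Review bot: The new guard `if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443` silently drops Strict-Transport-Security for every HTTPS instance served on another port, so those deployments stay open to TLS stripping with nothing telling the operator. The comment should record that as a deliberate trade-off, for example `# HSTS is host-wide: on a non-standard HTTPS port, browsers would upgrade http://host/ to port 443, so such instances get no HSTS`. The comparison also relies on the configured port being an Integer, which this hunk does not show. If it can arrive as a string the header is never sent, so `if Gitlab.config.gitlab.https && Gitlab.config.gitlab.port.to_i == 443` is safer and replaces the low-precedence `and` with `&&`. The method that sets these headers starts above the hunk.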
@@ -265,6 +268,7 @@ class ApplicationController < ActionController::Base
params[:scope] = 'all' if params[:scope].blank?
params[:state] = 'opened' if params[:state].blank?
+ @sort = params[:sort]
@filter_params = params.dup
if @project