Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 5c4eb8f5dff..a135bef342a 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -24,6 +24,7 @@ module Gitlab
 require_dependency Rails.root.join('lib/gitlab/current_settings')
 require_dependency Rails.root.join('lib/gitlab/middleware/read_only')
 require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check')
+ require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies')
 require_dependency Rails.root.join('lib/gitlab/runtime')
 # Settings in config/environments/* take precedence over those specified here.
@@ -231,6 +232,8 @@ module Gitlab
 config.middleware.insert_after Warden::Manager, Rack::Attack
+ config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies
+
 # Allow access to GitLab API from other domains
 config.middleware.insert_before Warden::Manager, Rack::Cors do
 headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size] |
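Review bot: The new `config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies` line in the second hunk depends on its position in the stack, and nothing next to it records why. Inserted there, the middleware wraps `ActionDispatch::Cookies` and everything below it, so it sees `Set-Cookie` headers written by the cookie jar and by Warden on the way out; a middleware that sits above it and sets a cookie would pass unseen. The middleware's own code is not part of this config-limited view, so presumably it rewrites cookie attributes on the response; if so, a comment such as `# Must wrap ActionDispatch::Cookies so every Set-Cookie written below it is rewritten on the way out` would keep a later reordering from silently dropping the attribute. A spec that asserts the relative order of the two entries in the middleware stack would pin the same guarantee. Both hunks sit inside `module Gitlab`, whose body starts and ends outside the visible lines.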