diff options
Diffstat (limited to 'lib/api/api.rb')
-rw-r--r-- | lib/api/api.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 79e55a2f4f7..1664197689d 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -57,7 +57,10 @@ module API mount ::API::V3::Variables end - before { header['X-Frame-Options'] = 'SAMEORIGIN' } + before do + header['X-Frame-Options'] = 'SAMEORIGIN' + header['X-Content-Type-Options'] = 'nosniff' + end # The locale is set to the current user's locale when `current_user` is loaded after { Gitlab::I18n.use_default_locale } |