From 0d6cd4414c2549c0eab98ae5e6e5e98a13ea266a Mon Sep 17 00:00:00 2001
From: Ted Bowman <ted+git@tedbow.com>
Date: Fri, 29 Dec 2023 13:50:25 -0500
Subject: [PATCH] Contrib: allow any version of core in build tests to allow
 gitlab core clone tests -
 https://git.drupalcode.org/project/automatic_updates/-/commit/7a8446a8028c09f4287fc5e014f26e98b8b9b658

---
 .../Core/EventSubscriber/FinishResponseSubscriber.php       | 6 ++++--
 .../Composer/Template/ComposerProjectTemplatesTest.php      | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
index 8dc9bac392ea..6fc54a38c00f 100644
--- a/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
@@ -123,8 +123,10 @@ public function onRespond(ResponseEvent $event) {
     // different from the declared content-type, since that can lead to
     // XSS and other vulnerabilities.
     // https://owasp.org/www-project-secure-headers
-    $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
-    $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
+    $response->headers->set('X-Content-Type-Options', 'nosniff');
+    if (!$response->headers->has('X-Frame-Options')) {
+      $response->headers->set('X-Frame-Options', 'SAMEORIGIN');
+    }
 
     // If the current response isn't an implementation of the
     // CacheableResponseInterface, we assume that a Response is either
diff --git a/core/tests/Drupal/BuildTests/Composer/Template/ComposerProjectTemplatesTest.php b/core/tests/Drupal/BuildTests/Composer/Template/ComposerProjectTemplatesTest.php
index 23d0dbbf68e6..9fb7fd7804b6 100644
--- a/core/tests/Drupal/BuildTests/Composer/Template/ComposerProjectTemplatesTest.php
+++ b/core/tests/Drupal/BuildTests/Composer/Template/ComposerProjectTemplatesTest.php
@@ -30,9 +30,12 @@ class ComposerProjectTemplatesTest extends ComposerBuildTestBase {
   /**
    * The minimum stability requirement for dependencies.
    *
+   * @todo Temporarily changing to 'beta' to allow php-tuf/composer-stager
+   *   dependency. This will be done in https://drupal.org/i/3331078.
+   *
    * @see https://getcomposer.org/doc/04-schema.md#minimum-stability
    */
-  protected const MINIMUM_STABILITY = 'stable';
+  protected const MINIMUM_STABILITY = 'beta';
 
   /**
    * The order of stability strings from least stable to most stable.
-- 
GitLab