proto: Drop deprecated `http_host` fields (!5722) · Merge requests · GitLab.org / gitaly

Patrick Steinhardt requested to merge pks-proto-remove-deprecated-http-host-fields into master May 04, 2023

The http_host field was added in order to avoid DNS rebinding attacks. Callers would send us both the pre-resolved URL and the hostname so that we would directly connect to the pre-resolved address, but still be able to set the HTTP Host header as expected. This approach was replaced in favor of the new resolved_address field, where Gitaly receives the un-resolved URL and resolved IP address so that it can perform the mapping internally.

We have thus deprecated the http_host field via cbdc5290 (proto: Deprecate http_host field, 2022-09-30). Remove the fields.

Closes #4502 (closed).

Edited May 04, 2023 by Patrick Steinhardt

proto: Drop deprecated `http_host` fields

Merge request reports