1. 21 Sep, 2018 1 commit
  2. 24 Jul, 2018 1 commit
  3. 31 May, 2018 1 commit
  4. 25 Jan, 2018 1 commit
  5. 10 Aug, 2017 1 commit
  6. 08 Aug, 2017 1 commit
  7. 01 Aug, 2017 1 commit
  8. 30 May, 2017 1 commit
  9. 26 May, 2017 1 commit
    • Duplicate gitaly init variables in 'default' file · 39c6dd5b
      Jacob Vosmaer authored
      This is needed because these variables depend (directly or indirectly)
      on the 'app_root' variable which can be changed in the default file.
      If app_root has a non-standard value, the value of e.g. gitaly_dir
      generated in the init script becomes invalid.
  10. 06 Apr, 2017 1 commit
  11. 21 Mar, 2017 1 commit
  12. 08 Mar, 2017 1 commit
  13. 03 Mar, 2017 2 commits
  14. 01 Mar, 2017 1 commit
  15. 07 Feb, 2017 1 commit
  16. 31 Jan, 2017 13 commits
  17. 27 Jan, 2017 1 commit
  18. 12 Dec, 2016 1 commit
  19. 08 Aug, 2016 1 commit
  20. 12 Jul, 2016 1 commit
    • Defend against 'Host' header injection · 47b5b441
      Jacob Vosmaer authored
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17877 .
      
      This change adds 'defense in depth' against 'Host' HTTP header
      injection. It affects normal users in the following way. Suppose your
      GitLab server has IP address 1.2.3.4 and hostname gitlab.example.com.
      Currently, if you enter 1.2.3.4 in your browser, you get redirected to
      1.2.3.4/users/sign_in. After this change, you get redirected from
      1.2.3.4 to gitlab.example.com/users/sign_in. This is because the
      address you typed in the address bar of your browser ('1.2.3.4'),
      which gets stored in the 'Host' header, is now being overwritten to
      'gitlab.example.com' in NGINX.
      
      In this change we also make NGINX clear the 'X-Forwarded-Host' header
      because Ruby on Rails also uses that header the same way as the 'Host'
      header.
      
      We think that for most GitLab servers this is the right behavior, and
      if not then administrators can change this behavior themselves at the
      NGINX level.
  21. 03 Jun, 2016 2 commits
  22. 23 May, 2016 1 commit
  23. 22 May, 2016 1 commit
  24. 28 Apr, 2016 1 commit
  25. 22 Apr, 2016 1 commit
  26. 14 Apr, 2016 1 commit