Skip to content

Security and safety improvements for gitlab-workhorse integration

Jacob Vosmaer requested to merge jacobvosmaer-gitlab/gitlab-ce:gitlab-workhorse-safeties into master

Companion to gitlab-workhorse!60 (merged)

  • Use a custom content type when sending data to gitlab-workhorse
  • Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse

This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future.

This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret.

Merge request reports