The source project of this merge request has been removed.
Resolve "HackerOne reported issue: Cookie bomb vulnerability in Pages"
requested to merge (removed):31049-pages-domains-should-be-added-to-publicsuffix-org-docs into master
What does this MR do?
Documents a recommended security practice applicable to GitLab Pages domains
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
We made this change for GitLab.io some time ago (see https://gitlab.com/gitlab-com/infrastructure/issues/230), but have never communicated its desirability to our users.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by Backend
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together -
Internationalization required/considered -
End-to-end tests pass ( package-qa
manual pipeline job)
What are the relevant issue numbers?
Closes #31049 (closed)