Skip to content

Resolve "Allow HTTPS cloning by Runners if it is disabled for users"

What does this MR do?

Makes HTTP(s) protocol available for CI clone/fetch, even if it's disabled in general.

Are there points in the code the reviewer needs to double check?

Security. With this change we're changing current implementation of checking if HTTP(s) git operations are enabled. We should ensure, that this change doesn't open any security vulnerabilities.

EE port in gitlab-org/gitlab-ee!5253

Why was this MR needed?

Please look into #44389 (closed) for a reference.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #44389 (closed)

Edited by Tomasz Maczukin

Merge request reports