Alarming Dialog when enabling access restrictions for Gitlab pages
After enabling GitLab Pages access control on our self-managed, internal instance (12.6.4 (70900054dfe)), every time I want to access published pages I get this dialog:
This is confusing to me and for my users.
Source of problem
GitLab Pages is created as an untrusted application by default.
(Trusted applications just skip this auth screen altogether.)
Workaround
- Go to Admin Area -> Applications
- Find the GitLab Pages application and click the "Edit" link next to it
- Check the Trusted checkbox
- Click the Save button
Proposed solution
- Document the workaround above in docs. Unfortunately, even if we start creating "GitLab Pages" as trusted application now, it will remain untrusted for everyone who's already enabled access-control. We also don't mark these apps as "This was automatically created for pages" except for the name of the application. So I wouldn't update the trusted flag for existing applications on self-managed.
- Create "GitLab Pages" as a trusted application.
- https://gitlab.com/gitlab-org/omnibus-gitlab/blob/47419fa55da0944f141b32b9971c84efae1ee7e0/files/gitlab-cookbooks/gitlab/libraries/gitlab_pages.rb#L86
- https://gitlab.com/gitlab-org/omnibus-gitlab/blob/47419fa55da0944f141b32b9971c84efae1ee7e0/files/gitlab-cookbooks/gitlab/libraries/helpers/authorizer_helper.rb#L9
Sidenote
We should consider doing the same for Mattermost bundled with GitLab: https://docs.gitlab.com/omnibus/gitlab-mattermost/
It uses the same auth mechanism and has the same auth-screen as the result.
But I know almost nothing about it and can't say if there are any security problems with doing that.