author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-26 18:27:49 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-26 18:27:49 +0000 |
commit | 090f2344ecb6631b20df5853045536f1eb0589d3 (patch) | |
tree | 0b90225fcd4631f20732716683ee3c0997d82d66 | |
parent | a94f8a3c5e00f137eacfb7fda54157cb4fb77b5f (diff) | |
parent | 8173ef976f91088d17b28a1581ab6fd80949e462 (diff) | |
download | gitlab-ce-090f2344ecb6631b20df5853045536f1eb0589d3.tar.gz |
Merge branch 'set-default-url-options' into 'master'
Set Application controller default URL options to ensure all url_for calls are consistent
### What does this MR do?
This MR sets the app controller's `default_url_options` so that all `url_for` calls are consistent.
### Are there points in the code the reviewer needs to double check?
Setting these options may simplify `url_for` calls that load the GitLab options already. I did not want to touch existing code yet. I'm also not sure if there are other options that need to be included.
### Why was this MR needed?
If you run GitLab behind a reverse proxy or in a Docker container, you don't want a user to be seeing the local IP and port on which GitLab is running (e.g. 192.168.1.1:8080). Right now there are places where this internal data is leaked (e.g. see the URL in Profile Settings -> Account -> Username; this uses `user_url`).
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
#1249
See merge request !453
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 12 |
2 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 549e48b3895..242d2c773c6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.10.0 (unreleased) - Fix broken side-by-side diff view on merge request page (Stan Hu) + - Set Application controller default URL options to ensure all url_for calls are consistent (Stan Hu) - Allow HTML tags in Markdown input - Fix code unfold not working on Compare commits page (Stan Hu) - Include missing events and fix save functionality in admin service template settings form (Stan Hu) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e284f31f7ee..2809f90c0d5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -178,6 +178,18 @@ class ApplicationController < ActionController::Base response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT" end + def default_url_options + if !Rails.env.test? + port = Gitlab.config.gitlab.port unless Gitlab.config.gitlab_on_standard_port? + { host: Gitlab.config.gitlab.host, + protocol: Gitlab.config.gitlab.protocol, + port: port, + script_name: Gitlab.config.gitlab.relative_url_root } + else + super + end + end + def default_headers headers['X-Frame-Options'] = 'DENY' headers['X-XSS-Protection'] = '1; mode=block' |
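Review bot: In the `default_url_options` method added to app/controllers/application_controller.rb, the `if !Rails.env.test?` guard sends the test environment to the `super` branch every time, so the branch that builds the options from `Gitlab.config.gitlab` is never run by the test suite, and the two files changed here include no spec for it. Since the stated purpose is to stop internal host and port values from appearing in generated URLs, a controller spec that stubs the `Gitlab.config.gitlab` values and asserts on a generated URL would guard against regressions. The negated `if` with an `else` would read more directly as `if Rails.env.test?` returning `super` first. A short comment explaining that `port` is deliberately left nil when `Gitlab.config.gitlab_on_standard_port?` is true would also help the next reader.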