diff options
author | Robert Speicher <robert@gitlab.com> | 2016-06-08 23:29:23 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-06-08 23:29:23 +0000 |
commit | 5d66e0e0e33d0a4c0627dda60008bf889dfa9137 (patch) | |
tree | 71c7b600ec5fda0509801891f58e8969dbef22c7 | |
parent | 0001a0cf9dfd7217639ce82648d1908926a8e874 (diff) | |
parent | 63ed80321b00b96b79e064d1932528b8617d1625 (diff) | |
download | gitlab-ce-5d66e0e0e33d0a4c0627dda60008bf889dfa9137.tar.gz |
Merge branch 'git-http-no-authenticity-token' into 'master'
Disable CSRF protection when serving Git HTTP clients
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18331
See merge request !4538
-rw-r--r-- | app/controllers/projects/git_http_controller.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index 380139a9c30..348d6cf4d96 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -1,6 +1,8 @@ class Projects::GitHttpController < Projects::ApplicationController attr_reader :user + # Git clients will not know what authenticity token to send along + skip_before_action :verify_authenticity_token skip_before_action :repository before_action :authenticate_user before_action :ensure_project_found! |