Merge branch 'git-http-no-authenticity-token' into 'master'

Disable CSRF protection when serving Git HTTP clients Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18331 See merge request !4538
author: Robert Speicher <robert@gitlab.com> 2016-06-08 23:29:23 +0000
committer: Robert Speicher <robert@gitlab.com> 2016-06-08 23:29:23 +0000
commit: 5d66e0e0e33d0a4c0627dda60008bf889dfa9137 (patch)
tree: 71c7b600ec5fda0509801891f58e8969dbef22c7
parent: 0001a0cf9dfd7217639ce82648d1908926a8e874 (diff)
parent: 63ed80321b00b96b79e064d1932528b8617d1625 (diff)
download: gitlab-ce-5d66e0e0e33d0a4c0627dda60008bf889dfa9137.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index 380139a9c30..348d6cf4d96 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -1,6 +1,8 @@
 class Projects::GitHttpController < Projects::ApplicationController
   attr_reader :user
 
+  # Git clients will not know what authenticity token to send along
+  skip_before_action :verify_authenticity_token
   skip_before_action :repository
   before_action :authenticate_user
   before_action :ensure_project_found!
author	Robert Speicher <robert@gitlab.com>	2016-06-08 23:29:23 +0000
committer	Robert Speicher <robert@gitlab.com>	2016-06-08 23:29:23 +0000
commit	5d66e0e0e33d0a4c0627dda60008bf889dfa9137 (patch)
tree	71c7b600ec5fda0509801891f58e8969dbef22c7
parent	0001a0cf9dfd7217639ce82648d1908926a8e874 (diff)
parent	63ed80321b00b96b79e064d1932528b8617d1625 (diff)
download	gitlab-ce-5d66e0e0e33d0a4c0627dda60008bf889dfa9137.tar.gz