author: Marin Jankovski <marin@gitlab.com>, 2015-07-20 08:45:58 +0000
committer: Marin Jankovski <marin@gitlab.com>, 2015-07-20 08:45:58 +0000
commit: 8fa9da49c4a4d8bc58917699578ed4e59a90d162
tree: 296c3b02a5e130e5db5b16dc16d054b86450a2c4
parent: e5a12596abe48504737cb8633872794aa83ccb32
parent: 5f4dcbf8be36e7c87afdc28afd7f2d663a9abf28
Merge branch 'set-omniauth-full-host' into 'master'
Set OmniAuth full_host parameter to ensure redirect URIs are correct

### What does this MR do?

This MR sets the OmniAuth `full_host` parameter to the configured GitLab URL to ensure the `redirect_uri` parameter is called with the right GitLab host.

### Why was this MR needed?

[OmniAuth attempts to grab the request URI](http://awesomeprogrammer.com/blog/2012/12/09/dealing-with-omniauth-redirect-uri-mismatch-invalid-port-number-gotcha/) and use that. If you set up a reverse proxy that terminates SSL at the Web server layer (e.g. https://gitlab.domain.com), omniauth will use the internal URL (e.g. http://my-host:8080) in its redirect URI unless all the Web server headers are properly set (e.g. `X-Forwarded-Port`, etc.). This is easy to forget or mess up, and it's better to ensure that OmniAuth has the right value from the start.

### What are the relevant issue numbers?

Closes #1967

See merge request !991
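
The failure mode the commit message describes, as an added example that is not part of the commit or of OmniAuth: a simplified model of deriving the callback host from the request, compared with a pinned `full_host`. The header fallback order, the `/users/auth/github/callback` path and the sample request environments are assumptions constructed for illustration; the host names are the ones used in the message above.

```ruby
# Simplified model (assumption) of request-derived host detection.
# This is NOT OmniAuth's implementation; it only mirrors the behaviour
# described in the commit message.
DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze
REGISTERED = 'https://gitlab.domain.com/users/auth/github/callback' # constructed

# Build scheme://host[:port] from a Rack-style env, preferring proxy headers.
def host_from_request(env)
  scheme = env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme']
  host   = (env['HTTP_X_FORWARDED_HOST'] || env['HTTP_HOST']).sub(/:\d+\z/, '')
  port   = (env['HTTP_X_FORWARDED_PORT'] || env['SERVER_PORT']).to_i
  suffix = DEFAULT_PORTS[scheme] == port ? '' : ":#{port}"
  "#{scheme}://#{host}#{suffix}"
end

# With full_host pinned, the request env is ignored entirely.
def callback_url(env, full_host: nil, path: '/users/auth/github/callback')
  base = full_host ? full_host.chomp('/') : host_from_request(env)
  base + path
end

# Providers compare the redirect_uri against the registered value.
def redirect_uri_matches?(candidate)
  candidate == REGISTERED
end

# Constructed sample environments as seen by the app behind the proxy.
NO_HEADERS = { 'rack.url_scheme' => 'http', 'HTTP_HOST' => 'my-host:8080',
               'SERVER_PORT' => '8080' }.freeze
PARTIAL    = NO_HEADERS.merge('HTTP_X_FORWARDED_PROTO' => 'https',
                              'HTTP_X_FORWARDED_HOST' => 'gitlab.domain.com').freeze
ALL_SET    = PARTIAL.merge('HTTP_X_FORWARDED_PORT' => '443').freeze

{ 'no headers' => NO_HEADERS, 'port header missing' => PARTIAL,
  'all headers' => ALL_SET }.each do |label, env|
  derived = callback_url(env)
  pinned  = callback_url(env, full_host: 'https://gitlab.domain.com')
  puts "#{label}: derived=#{derived} ok=#{redirect_uri_matches?(derived)} " \
       "pinned_ok=#{redirect_uri_matches?(pinned)}"
end
```

Only the environment with every forwarded header set produces a matching derived URI, while the pinned value matches in all three cases.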
-rw-r--r-- CHANGELOG 1
-rw-r--r-- config/initializers/7_omniauth.rb 1
2 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index b1d079ef207..0db3dfc04a5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 7.14.0 (unreleased)
- Fix label read access for unauthenticated users (Daniel Gerhardt)
- Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
- Fix file upload dialog for comment editing (Daniel Gerhardt)
+ - Set OmniAuth full_host parameter to ensure redirect URIs are correct (Stan Hu)
- Expire Rails cache entries after two weeks to prevent endless Redis growth
- Add support for destroying project milestones (Stan Hu)
diff --git a/config/initializers/7_omniauth.rb b/config/initializers/7_omniauth.rb
index df73ec1304a..7f73546ac89 100644
--- a/config/initializers/7_omniauth.rb
+++ b/config/initializers/7_omniauth.rb
@@ -11,6 +11,7 @@ if Gitlab::LDAP::Config.enabled?
end
end
+OmniAuth.config.full_host = Settings.gitlab['url']
OmniAuth.config.allowed_request_methods = [:post]
#In case of auto sign-in, the GET method is used (users don't get to click on a button)
OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present?
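Review bot: The added `OmniAuth.config.full_host = Settings.gitlab['url']` line has no comment, while the `:get` line two below it does; a one-line comment stating that the host is pinned so `redirect_uri` no longer depends on proxy headers would keep the intent visible to the next person editing this initializer. The line also reads configuration through `Settings.gitlab['url']`, where the last line of the hunk uses `Gitlab.config.omniauth...`; one accessor style within the file would be more consistent. Because the assignment is unconditional, every redirect URI now depends on the configured URL alone, so it is worth confirming (or checking at boot) that the value is always present and is the externally reachable URL.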