diff options
| author | Patricio Cano <suprnova32@gmail.com> | 2016-06-23 17:37:57 -0500 |
|---|---|---|
| committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 16:54:22 -0500 |
| commit | 41c87b9a23d7ebf24c3c100a4c261b8d2a68d0ff (patch) | |
| tree | 6e84819da4d1017a70357e243abfb759214b157d | |
| parent | ace309d7755d6d50f85169649429e237ebb32b76 (diff) | |
| download | gitlab-ce-41c87b9a23d7ebf24c3c100a4c261b8d2a68d0ff.tar.gz | |
Return :forbidden if HTTP protocol access is not allowed
| -rw-r--r-- | app/controllers/projects/git_http_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index f124333bd5b..072702ec9a2 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -19,6 +19,8 @@ class Projects::GitHttpController < Projects::ApplicationController render_ok elsif receive_pack? && receive_pack_allowed? render_ok + elsif !upload_pack_allowed? + render_not_allowed else render_not_found end @@ -154,6 +156,10 @@ class Projects::GitHttpController < Projects::ApplicationController render plain: 'Not Found', status: :not_found end + def render_not_allowed + render json: access.to_json, status: :forbidden + end + def ci? @ci.present? end |