diff options
author | Jacob Vosmaer (GitLab) <jacob@gitlab.com> | 2016-09-09 11:33:08 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2016-09-20 11:46:48 -0500 |
commit | 81978178ddbf92a6a87456c2622e7b22cb7f0b1a (patch) | |
tree | 87d4c86e750da4296656ab623340fc3424ec2422 | |
parent | bec0c45593fcd3ad834e4c09f0e97bd2788772aa (diff) | |
download | gitlab-ce-81978178ddbf92a6a87456c2622e7b22cb7f0b1a.tar.gz |
Merge branch 'gitlab-workhorse-safeties' into 'master'
Security and safety improvements for gitlab-workhorse integration
Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60
- Use a custom content type when sending data to gitlab-workhorse
- Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse
This will allow us to build features in gitlab-workhorse that require
more trust, and protect us against programming mistakes in the future.
This is designed so that no action is required for installations from
source. For omnibus-gitlab we need to add code that manages the shared
secret.
See merge request !5907
Conflicts:
GITLAB_WORKHORSE_VERSION
doc/install/installation.md
doc/update/8.11-to-8.12.md
lib/gitlab/workhorse.rb
spec/lib/gitlab/workhorse_spec.rb
spec/requests/ci/api/builds_spec.rb
spec/requests/git_http_spec.rb
-rw-r--r-- | app/controllers/projects/git_http_client_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index cbfd3cab3dd..a471717a092 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -153,4 +153,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController def verify_workhorse_api! Gitlab::Workhorse.verify_api_request!(request.headers) end + + def verify_workhorse_api! + Gitlab::Workhorse.verify_api_request!(request.headers) + end end |