Merge branch 'security-fix-uri-xss-applications' into 'master'

[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols" See merge request gitlab/gitlabhq!2572
author: Cindy Pallares <cindy@gitlab.com> 2018-11-28 22:53:48 +0000
committer: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:14:15 -0500
commit: 5736d6606ad7c6d729baa6c4ef789a47ada4ceda (patch)
tree: 1ae542a04e8782f61a592e3bceeacc087639a1e5 /app/controllers/oauth
parent: c0e5d9afee57745a79c072b0f57fdcbe164312da (diff)
download: gitlab-ce-5736d6606ad7c6d729baa6c4ef789a47ada4ceda.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index b50f140dc80..ab4ca56bb49 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -9,7 +9,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   before_action :verify_user_oauth_applications_enabled, except: :index
   before_action :authenticate_user!
   before_action :add_gon_variables
-  before_action :load_scopes, only: [:index, :create, :edit]
+  before_action :load_scopes, only: [:index, :create, :edit, :update]
 
   helper_method :can?
author	Cindy Pallares <cindy@gitlab.com>	2018-11-28 22:53:48 +0000
committer	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:14:15 -0500
commit	5736d6606ad7c6d729baa6c4ef789a47ada4ceda (patch)
tree	1ae542a04e8782f61a592e3bceeacc087639a1e5 /app/controllers/oauth
parent	c0e5d9afee57745a79c072b0f57fdcbe164312da (diff)
download	gitlab-ce-5736d6606ad7c6d729baa6c4ef789a47ada4ceda.tar.gz