diff options
author | Patricio Cano <suprnova32@gmail.com> | 2016-06-23 17:37:57 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 16:54:22 -0500 |
commit | 41c87b9a23d7ebf24c3c100a4c261b8d2a68d0ff (patch) | |
tree | 6e84819da4d1017a70357e243abfb759214b157d /app/controllers/projects | |
parent | ace309d7755d6d50f85169649429e237ebb32b76 (diff) | |
download | gitlab-ce-41c87b9a23d7ebf24c3c100a4c261b8d2a68d0ff.tar.gz |
Return :forbidden if HTTP protocol access is not allowed
Diffstat (limited to 'app/controllers/projects')
-rw-r--r-- | app/controllers/projects/git_http_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index f124333bd5b..072702ec9a2 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -19,6 +19,8 @@ class Projects::GitHttpController < Projects::ApplicationController render_ok elsif receive_pack? && receive_pack_allowed? render_ok + elsif !upload_pack_allowed? + render_not_allowed else render_not_found end @@ -154,6 +156,10 @@ class Projects::GitHttpController < Projects::ApplicationController render plain: 'Not Found', status: :not_found end + def render_not_allowed + render json: access.to_json, status: :forbidden + end + def ci? @ci.present? end |