diff options
| author | Mark Chao <mchao@gitlab.com> | 2018-12-11 14:32:25 +0800 |
|---|---|---|
| committer | Mark Chao <mchao@gitlab.com> | 2018-12-20 14:32:51 +0800 |
| commit | ed0d691e0dfba54cd8f03706afd011afe4063a7a (patch) | |
| tree | 25efce5071ce983bd99d74546af262075786cd15 /app/controllers/snippets_controller.rb | |
| parent | 30c6db8f0354847c275335c120d7218c0098c41f (diff) | |
| download | gitlab-ce-ed0d691e0dfba54cd8f03706afd011afe4063a7a.tar.gz | |
Block private snippets from being embeddable
Diffstat (limited to 'app/controllers/snippets_controller.rb')
| -rw-r--r-- | app/controllers/snippets_controller.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index dd9bf17cf0c..8ea5450b4e8 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -80,7 +80,13 @@ class SnippetsController < ApplicationController render_blob_json(blob) end - format.js { render 'shared/snippets/show' } + format.js do + if @snippet.embeddable? + render 'shared/snippets/show' + else + head :not_found + end + end end end |