diff options
| author | rpereira2 <rpereira@gitlab.com> | 2018-11-14 19:50:34 +0530 |
|---|---|---|
| committer | rpereira2 <rpereira@gitlab.com> | 2018-11-14 20:12:51 +0530 |
| commit | d61dc4982dacf79193bd8459df5ad0b130523981 (patch) | |
| tree | a31aa1446c3cbe22860610e3b53dab46e1eae56b /app | |
| parent | 40030677c876d2a6cfa36dfe2f7e7eff73b16752 (diff) | |
| download | gitlab-ce-d61dc4982dacf79193bd8459df5ad0b130523981.tar.gz | |
No redirects in prometheus service
Do not allow redirects in the prometheus service to prevent SSRFs.
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/project_services/prometheus_service.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project_services/prometheus_service.rb b/app/models/project_services/prometheus_service.rb index 509e5b6089b..620efd3768c 100644 --- a/app/models/project_services/prometheus_service.rb +++ b/app/models/project_services/prometheus_service.rb @@ -72,7 +72,7 @@ class PrometheusService < MonitoringService end def prometheus_client - RestClient::Resource.new(api_url) if api_url && manual_configuration? && active? + RestClient::Resource.new(api_url, max_redirects: 0) if api_url && manual_configuration? && active? end def prometheus_installed? |