diff options
author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 18:38:00 +0000 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:08:32 -0500 |
commit | 94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c (patch) | |
tree | e044ce2a16e90cc64373601be7345b259aa19815 /app | |
parent | 4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (diff) | |
download | gitlab-ce-94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c.tar.gz |
Merge branch 'security-2736-prometheus-ssrf' into 'master'
[master] Do not follow redirects in prometheus service
See merge request gitlab/gitlabhq!2617
Diffstat (limited to 'app')
-rw-r--r-- | app/models/project_services/prometheus_service.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project_services/prometheus_service.rb b/app/models/project_services/prometheus_service.rb index 211e5c3fcbf..60cb2d380d5 100644 --- a/app/models/project_services/prometheus_service.rb +++ b/app/models/project_services/prometheus_service.rb @@ -71,7 +71,7 @@ class PrometheusService < MonitoringService end def prometheus_client - RestClient::Resource.new(api_url) if api_url && manual_configuration? && active? + RestClient::Resource.new(api_url, max_redirects: 0) if api_url && manual_configuration? && active? end def prometheus_available? |