Merge branch 'security-prevent-detection-of-merge-request-template-name' into 'master'

Guests can know whether merge request template name exists or not See merge request gitlab/gitlabhq!3117
author: Marin Jankovski <marin@gitlab.com> 2019-07-02 06:18:03 +0000
committer: Marin Jankovski <marin@gitlab.com> 2019-07-02 06:18:03 +0000
commit: 3e1c60194800c3a58805dcd72739c91836791a8f (patch)
tree: 77085ac16b8e6a9bf2187adc594cd1a3ffc4e462 /config
parent: efaf6f4bcc8a1c2542bf51f8bd7ccabc2b90afcc (diff)
parent: ba377e91e1179b5b1124df1fcdda22c1b63e82a1 (diff)
download: gitlab-ce-3e1c60194800c3a58805dcd72739c91836791a8f.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/config/routes/project.rb b/config/routes/project.rb
index 0e8e089c78a..561478bd870 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -168,7 +168,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
       #
       # Templates
       #
-      get '/templates/:template_type/:key' => 'templates#show', as: :template, constraints: { key: %r{[^/]+} }
+      get '/templates/:template_type/:key' => 'templates#show',
+          as: :template,
+          defaults: { format: 'json' },
+          constraints: { key: %r{[^/]+}, template_type: %r{issue|merge_request}, format: 'json' }
 
       resources :commit, only: [:show], constraints: { id: /\h{7,40}/ } do
         member do
author	Marin Jankovski <marin@gitlab.com>	2019-07-02 06:18:03 +0000
committer	Marin Jankovski <marin@gitlab.com>	2019-07-02 06:18:03 +0000
commit	3e1c60194800c3a58805dcd72739c91836791a8f (patch)
tree	77085ac16b8e6a9bf2187adc594cd1a3ffc4e462 /config
parent	efaf6f4bcc8a1c2542bf51f8bd7ccabc2b90afcc (diff)
parent	ba377e91e1179b5b1124df1fcdda22c1b63e82a1 (diff)
download	gitlab-ce-3e1c60194800c3a58805dcd72739c91836791a8f.tar.gz