author | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 13:34:23 -0600 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 13:34:23 -0600 |
commit | 6438df3a1e0fb944485cebf07976160184697d72 (patch) | |
tree | 00b09bfd170e77ae9391b1a2f5a93ef6839f2597 /doc/security | |
parent | 42bcd54d971da7ef2854b896a7b34f4ef8601067 (diff) | |
download | gitlab-ce-6438df3a1e0fb944485cebf07976160184697d72.tar.gz |
Add latest changes from gitlab-org/gitlab@13-8-stable-ee v13.8.0-rc42
Diffstat (limited to 'doc/security')
-rw-r--r-- | doc/security/rack_attack.md | 6 |
-rw-r--r-- | doc/security/webhooks.md | 2 |
2 files changed, 2 insertions, 6 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index f159b4f8e21..d80de92501e 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -54,11 +54,7 @@ By default, protected paths are: - `/import/github/personal_access_token` - `/admin/session` -This header is included in responses to blocked requests: - -```plaintext -Retry-After: 60 -``` +See [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md#response-headers) for the headers responded to blocked requests. For example, the following are limited to a maximum 10 requests per minute: diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 0bb8e90d38f..bed998a5c84 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -26,7 +26,7 @@ sent. Webhook requests are made by the GitLab server itself and use a single (optional) secret token per hook for authorization (instead of a user or -repo-specific token). As a result, these may have broader access than +repository-specific token). As a result, these may have broader access than intended to everything running on the server hosting the webhook (which may include the GitLab server or API itself, e.g., `http://localhost:123`). Depending on the called webhook, this may also result in network access |
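Review bot: in the doc/security/rack_attack.md hunk, the added sentence ends with "for the headers responded to blocked requests", which is ungrammatical; suggest "for the headers returned in responses to blocked requests". The hunk also removes the inline `Retry-After: 60` sample, so this page now relies entirely on the `#response-headers` anchor in `user_and_ip_rate_limits.md`. Please confirm that the anchor resolves and that the target section still documents `Retry-After`, since readers configuring client backoff for the protected paths will look for it here.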