diff options
author | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-11-18 12:08:30 +0100 |
---|---|---|
committer | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-11-18 12:30:32 +0100 |
commit | dd826a5f20837f33263c658e41a4def0fc932069 (patch) | |
tree | 0b5a37b5a5f9c12bfef330e5286a165eae90fe2f /lib/api | |
parent | f749fb7fe0574d07eeb38561b9af62754e518281 (diff) | |
download | gitlab-ce-dd826a5f20837f33263c658e41a4def0fc932069.tar.gz |
Return a consistent not found message
This prevents leakage of project names on an endpoint which is
unauthenticated and thus open to the world.
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/services.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/api/services.rb b/lib/api/services.rb index e3c6a998631..4d23499aa39 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -67,7 +67,8 @@ module API post ':id/services/:service_slug/trigger' do project = Project.find_with_namespace(params[:id]) || Project.find_by(id: params[:id]) - not_found! unless project + # This is not accurate, but done to prevent leakage of the project names + not_found!('Service') unless project service = project_service(project) @@ -77,7 +78,7 @@ module API status result[:status] || 200 present result else - not_found! + not_found!('Service') end end end |