summaryrefslogtreecommitdiff
path: root/lib/support
diff options
context:
space:
mode:
authorJacob Vosmaer <jacob@gitlab.com>2016-08-08 13:02:44 +0200
committerJacob Vosmaer <jacob@gitlab.com>2016-08-08 13:02:44 +0200
commit427c9f0b5b5f6f0c242e75a98dca2434a27945d8 (patch)
tree3b4c503710573b174018f5c22cd3ecb685101fc6 /lib/support
parentaf9127e0491a284fae82d347ae311b0710e63fff (diff)
downloadgitlab-ce-427c9f0b5b5f6f0c242e75a98dca2434a27945d8.tar.gz
Revert "Defend against 'Host' header injection"
This reverts commit 47b5b441395921e9f8e9982bb3f560e5db5a67bc. See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047
Diffstat (limited to 'lib/support')
-rw-r--r--lib/support/nginx/gitlab7
-rw-r--r--lib/support/nginx/gitlab-ssl7
2 files changed, 2 insertions, 12 deletions
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 4a4892a2e07..d521de28e8a 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -49,12 +49,7 @@ server {
proxy_http_version 1.1;
- ## By overwriting Host and clearing X-Forwarded-Host we ensure that
- ## internal HTTP redirects generated by GitLab always send users to
- ## YOUR_SERVER_FQDN.
- proxy_set_header Host YOUR_SERVER_FQDN;
- proxy_set_header X-Forwarded-Host "";
-
+ proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 0b93d7f292f..bf014b56cf6 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -93,12 +93,7 @@ server {
proxy_http_version 1.1;
- ## By overwriting Host and clearing X-Forwarded-Host we ensure that
- ## internal HTTP redirects generated by GitLab always send users to
- ## YOUR_SERVER_FQDN.
- proxy_set_header Host YOUR_SERVER_FQDN;
- proxy_set_header X-Forwarded-Host "";
-
+ proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;