diff options
author | Stan Hu <stanhu@gmail.com> | 2019-03-19 10:02:17 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-03-19 11:23:51 -0700 |
commit | d165754400cd68f116babc1b0f50cf6109e85009 (patch) | |
tree | 3f7b9a1d30d072a102657fa78b46b188f88d0fd1 /spec/controllers | |
parent | 934253c9475a2f2d8a562bcc6bbb8a5f52efa713 (diff) | |
download | gitlab-ce-d165754400cd68f116babc1b0f50cf6109e85009.tar.gz |
Reject HEAD requests to info/refs endpoint
In production, we see high error rates due to clients attempting to use
the dumb Git HTTP protocol with HEAD /foo/bar.git/info/refs
endpoint. This isn't supported and causes Error 500s because Workhorse
doesn't send along its secret because it's not proxying this request.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54579
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/projects/git_http_controller_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/controllers/projects/git_http_controller_spec.rb b/spec/controllers/projects/git_http_controller_spec.rb new file mode 100644 index 00000000000..bf099e8deeb --- /dev/null +++ b/spec/controllers/projects/git_http_controller_spec.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Projects::GitHttpController do + describe 'HEAD #info_refs' do + it 'returns 403' do + project = create(:project, :public, :repository) + + head :info_refs, params: { namespace_id: project.namespace.to_param, project_id: project.path + '.git' } + + expect(response.status).to eq(403) + end + end +end |