From 565150205cdcb52ee4656d55c8ac3c53fc66d4f3 Mon Sep 17 00:00:00 2001 From: Sean McGivern Date: Mon, 29 Apr 2019 15:26:23 +0100 Subject: Don't allow a relative_url_root of '/' This will fail in a few ways: 1. We might end up having a path (not a URL) starting with `//`, which will be interpreted by browsers as a protocol-relative URL. 2. Issue, MR, snippet, etc. reference parsing will look for URLs at `http://gitlab.example.com//project/...`, with the double slash preventing single slashes from working. In general, it doesn't seem like there's a valid case for this.
---
 config/initializers/1_settings.rb | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 3c426cdb969..39b16a873aa 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -136,6 +136,8 @@ Settings.gitlab['ssh_host'] ||= Settings.gitlab.host
 Settings.gitlab['https'] = false if Settings.gitlab['https'].nil?
 Settings.gitlab['port'] ||= ENV['GITLAB_PORT'] || (Settings.gitlab.https ? 443 : 80)
 Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || ''
+# / is not a valid relative URL root
+Settings.gitlab['relative_url_root'] = '' if Settings.gitlab['relative_url_root'] == '/'
 Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http"
 Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil?
 Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}"
-- cgit v1.2.1
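Review bot: The added guard only matches the exact string `'/'`, so a root such as `'//'` or `'/gitlab/'` (from the config file or `RAILS_RELATIVE_URL_ROOT`) is kept as-is. Assuming the root is later joined with paths that begin with a slash, as the commit message implies, those values would still produce the `//` sequences it describes. Stripping every trailing slash covers `'/'` and the other variants in one step: `Settings.gitlab['relative_url_root'] = Settings.gitlab['relative_url_root'].sub(%r{/+\z}, '')`. The comment could also say why, e.g. `# A root of '/' yields paths starting with '//', which browsers treat as protocol-relative URLs`.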