Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/oauth
diff options
context:
space:
mode:
authorCindy Pallares <cindy@gitlab.com>2018-11-29 01:53:48 +0300
committerCindy Pallares <cindy@gitlab.com>2018-11-29 03:14:15 +0300
commit5736d6606ad7c6d729baa6c4ef789a47ada4ceda (patch)
tree1ae542a04e8782f61a592e3bceeacc087639a1e5 /app/controllers/oauth
parentc0e5d9afee57745a79c072b0f57fdcbe164312da (diff)
Merge branch 'security-fix-uri-xss-applications' into 'master'
[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols" See merge request gitlab/gitlabhq!2572
Diffstat (limited to 'app/controllers/oauth')
-rw-r--r--app/controllers/oauth/applications_controller.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index b50f140dc80..ab4ca56bb49 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -9,7 +9,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
before_action :verify_user_oauth_applications_enabled, except: :index
before_action :authenticate_user!
before_action :add_gon_variables
- before_action :load_scopes, only: [:index, :create, :edit]
+ before_action :load_scopes, only: [:index, :create, :edit, :update]
helper_method :can?
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 06:18:08 +0300