author | Cindy Pallares <cindy@gitlab.com> | 2018-11-29 01:53:48 +0300 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-29 03:14:15 +0300 |
commit | 5736d6606ad7c6d729baa6c4ef789a47ada4ceda (patch) | |
tree | 1ae542a04e8782f61a592e3bceeacc087639a1e5 /app/controllers/oauth | |
parent | c0e5d9afee57745a79c072b0f57fdcbe164312da (diff) |
Merge branch 'security-fix-uri-xss-applications' into 'master'
[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"
See merge request gitlab/gitlabhq!2572
Diffstat (limited to 'app/controllers/oauth')
-rw-r--r-- | app/controllers/oauth/applications_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index b50f140dc80..ab4ca56bb49 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -9,7 +9,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
 before_action :verify_user_oauth_applications_enabled, except: :index
 before_action :authenticate_user!
 before_action :add_gon_variables
- before_action :load_scopes, only: [:index, :create, :edit]
+ before_action :load_scopes, only: [:index, :create, :edit, :update]
 helper_method :can? |
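Review bot: Nothing on the changed `before_action :load_scopes` line says why `:update` needs scopes, so the `only:` list can easily drift out of step with the actions again. Presumably a rejected update (for instance a redirect_uri that fails validation) re-renders the edit form, which reads the loaded scopes; a comment such as `# :update re-renders the edit form on validation failure, so it needs scopes too` would record that. The diffstat on this page is limited to app/controllers/oauth, so the redirect_uri scheme validation named in the commit title is not visible here and should be reviewed alongside this hunk, together with a controller spec that submits an update with a rejected redirect_uri and asserts the form renders. The class body continues outside the hunk.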