gitlab.com/gitlab-org/gitlab-foss.git
author: Mark Chao <mchao@gitlab.com>, 2018-12-11 09:32:25 +0300
committer: Mark Chao <mchao@gitlab.com>, 2018-12-20 09:32:51 +0300
commit: ed0d691e0dfba54cd8f03706afd011afe4063a7a
tree: 25efce5071ce983bd99d74546af262075786cd15 /app/controllers/projects/snippets_controller.rb
parent: 30c6db8f0354847c275335c120d7218c0098c41f

Block private snippets from being embeddable
Diffstat (limited to 'app/controllers/projects/snippets_controller.rb')
-rw-r--r-- app/controllers/projects/snippets_controller.rb | 9
1 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index a44acb12bdf..255f1f3569a 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -75,7 +75,14 @@ class Projects::SnippetsController < Projects::ApplicationController
format.json do
render_blob_json(blob)
end
- format.js { render 'shared/snippets/show'}
+
+ format.js do
+ if @snippet.embeddable?
+ render 'shared/snippets/show'
+ else
+ head :not_found
+ end
+ end
end
end
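
Review bot: The `embeddable?` check in the new `format.js` block guards only that one responder; the `format.json` branch directly above it still calls `render_blob_json(blob)` with no equivalent check, so please confirm that path is already covered by the controller's authorization and cannot return a private snippet's content. Because the template rendered here is `shared/snippets/show`, any other controller that renders it for `format.js` needs the same guard, and moving the check into one shared method would keep the copies from drifting apart. Returning `head :not_found` instead of a 403 is the right call, since it does not confirm that the snippet exists. The diff shown for this file carries no test, so a request spec asserting the 404 for a non-embeddable snippet should accompany it.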