Update security/webhooks.md doc page & specs

Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples
author: George Koltsov <gkoltsov@gitlab.com> 2019-07-26 16:03:06 +0300
committer: George Koltsov <gkoltsov@gitlab.com> 2019-08-02 17:39:18 +0300
commit: ac7661924eebd6eb0fa72848e2b4bf4391ebf113 (patch)
tree: c38ea5f92cbd54f0c4d4d085ec68bd8347804d8e /app
parent: 5a19a43a13031de83af2d241498465a882421270 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/app/validators/system_hook_url_validator.rb b/app/validators/system_hook_url_validator.rb
index c8c0007e35b..e482828685d 100644
--- a/app/validators/system_hook_url_validator.rb
+++ b/app/validators/system_hook_url_validator.rb
@@ -2,7 +2,7 @@
 
 # SystemHookUrlValidator
 #
-# Custom validator specifically for SystemHook URLs. This validator works like AddressableUrlValidator but
+# Custom validator specific to SystemHook URLs. This validator works like AddressableUrlValidator but
 # it blocks urls pointing to localhost or the local network depending on
 # ApplicationSetting.allow_local_requests_from_system_hooks
 #
@@ -14,8 +14,8 @@
 #
 class SystemHookUrlValidator < AddressableUrlValidator
   DEFAULT_OPTIONS = {
-    allow_localhost: true,
-    allow_local_network: true
+    allow_localhost: false,
+    allow_local_network: false
   }.freeze
 
   def initialize(options)
author	George Koltsov <gkoltsov@gitlab.com>	2019-07-26 16:03:06 +0300
committer	George Koltsov <gkoltsov@gitlab.com>	2019-08-02 17:39:18 +0300
commit	ac7661924eebd6eb0fa72848e2b4bf4391ebf113 (patch)
tree	c38ea5f92cbd54f0c4d4d085ec68bd8347804d8e /app
parent	5a19a43a13031de83af2d241498465a882421270 (diff)