diff options
author | Sean McGivern <sean@gitlab.com> | 2019-04-29 17:26:23 +0300 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-04-29 17:26:23 +0300 |
commit | 565150205cdcb52ee4656d55c8ac3c53fc66d4f3 (patch) | |
tree | 0cb635db3fa1e2c2c60e033ee21247da8d6b0c4c /config/initializers/1_settings.rb | |
parent | 41fed29a60b10ded9130c0f61119965ffcd28b88 (diff) |
Don't allow a relative_url_root of '/'
This will fail in a few ways:
1. We might end up having a path (not a URL) starting with `//`, which
will be interpreted by browsers as a protocol-relative URL.
2. Issue, MR, snippet, etc. reference parsing will look for URLs at
`http://gitlab.example.com//project/...`, with the double slash
preventing single slashes from working.
In general, it doesn't seem like there's a valid case for this.
Diffstat (limited to 'config/initializers/1_settings.rb')
-rw-r--r-- | config/initializers/1_settings.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 3c426cdb969..39b16a873aa 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -136,6 +136,8 @@ Settings.gitlab['ssh_host'] ||= Settings.gitlab.host Settings.gitlab['https'] = false if Settings.gitlab['https'].nil? Settings.gitlab['port'] ||= ENV['GITLAB_PORT'] || (Settings.gitlab.https ? 443 : 80) Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || '' +# / is not a valid relative URL root +Settings.gitlab['relative_url_root'] = '' if Settings.gitlab['relative_url_root'] == '/' Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http" Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil? Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}" |