gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorRobert Speicher <robert@gitlab.com>2016-04-25 23:50:38 +0300
committerYorick Peterse <yorick@gitlab.com>2016-04-26 00:52:40 +0300
commit61013f11bbce45c3b14df34437a2a697b426aaf4 (patch)
tree76df3fd69cfc0f53a63d0ae869e64f15b887fd64 /config
parent516900b9dc6423a905b1ada3b7b4c9b593b51c6d (diff)
Merge branch 'fix-impersonation-issue' into 'master'
Prevent privilege escalation via "impersonate" feature Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 See merge request !1956
Diffstat (limited to 'config')
-rw-r--r--config/routes.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/config/routes.rb b/config/routes.rb
index 2f820aafed1..9c6fb682fc9 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -212,8 +212,6 @@ Rails.application.routes.draw do
resources :keys, only: [:show, :destroy]
resources :identities, except: [:show]
- delete 'stop_impersonation' => 'impersonation#destroy', on: :collection
-
member do
get :projects
get :keys
@@ -223,12 +221,14 @@ Rails.application.routes.draw do
put :unblock
put :unlock
put :confirm
- post 'impersonate' => 'impersonation#create'
+ post :impersonate
patch :disable_two_factor
delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
end
end
+ resource :impersonation, only: :destroy
+
resources :abuse_reports, only: [:index, :destroy]
resources :spam_logs, only: [:index, :destroy]
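Review bot: The added `resource :impersonation, only: :destroy` sits beside the admin-only resources, but a stop-impersonation request presumably arrives while the session's current user is the impersonated account, so the admin check that guards the neighbouring routes cannot be what authorizes it. The controller is not part of this config-only view, so confirm that its destroy action authorizes against the recorded impersonator and fails closed when none is recorded, and that `post :impersonate` on the user member now passes through the same admin filter as `put :unblock` and the other member actions. A short comment above the route would record the constraint, e.g. `# Called as the impersonated user; destroy must authorize the original admin, not current_user`. A singular `resource` resolves to the plural `impersonations` controller by Rails convention, unlike the removed `impersonation#destroy` mappings, so a routing spec for both endpoints would catch a mismatch. The enclosing `routes.draw` block starts and ends outside the hunk.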