author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-05 00:09:29 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-05 00:09:29 +0300 |
commit | 839dad17a14654ff31c6c7d4de0f00b90499dc23 (patch) | |
tree | f67191a2fc05f143319f7ac26bd27a0a911cf8fd /doc/integration/github.md | |
parent | ae42530b1be0d25186881ae45c39bdf1122a84b9 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/integration/github.md')
-rw-r--r-- | doc/integration/github.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/integration/github.md b/doc/integration/github.md index 61bcb8a25b3..c65027e3585 100644 --- a/doc/integration/github.md +++ b/doc/integration/github.md @@ -19,7 +19,7 @@ When you create an OAuth 2 app in GitHub, you need the following information: - The URL of your GitLab instance, such as `https://gitlab.example.com`. - The authorization callback URL; in this case, `https://gitlab.example.com/users/auth`. Include the port number if your GitLab instance uses a non-default port. -NOTE: **Note:** +NOTE: To prevent an [OAuth2 covert redirect](https://oauth.net/advisories/2014-1-covert-redirect/) vulnerability, append `/users/auth` to the end of the GitHub authorization callback URL. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. |
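Review bot: On the changed line, `+NOTE:` drops the bold `**Note:**` label, so confirm the docs renderer still turns a bare `NOTE:` line into an admonition; if it does not, the covert-redirect warning becomes an ordinary paragraph that starts with the word "NOTE:". The note also tells the reader to append `/users/auth` to the callback URL, while the bullet just above it already gives the full value `https://gitlab.example.com/users/auth`; consider rewording the note to refer to that bullet so the two lines cannot be read as asking for the path to be added twice. The commit subject "Add latest changes from gitlab-org/gitlab@master" does not mention this formatting change, so a pointer to the upstream change would make it easier to trace.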