Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/integration/github.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-12-05 00:09:29 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-12-05 00:09:29 +0300
commit839dad17a14654ff31c6c7d4de0f00b90499dc23 (patch)
treef67191a2fc05f143319f7ac26bd27a0a911cf8fd /doc/integration/github.md
parentae42530b1be0d25186881ae45c39bdf1122a84b9 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/integration/github.md')
-rw-r--r--doc/integration/github.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/integration/github.md b/doc/integration/github.md
index 61bcb8a25b3..c65027e3585 100644
--- a/doc/integration/github.md
+++ b/doc/integration/github.md
@@ -19,7 +19,7 @@ When you create an OAuth 2 app in GitHub, you need the following information:
- The URL of your GitLab instance, such as `https://gitlab.example.com`.
- The authorization callback URL; in this case, `https://gitlab.example.com/users/auth`. Include the port number if your GitLab instance uses a non-default port.
-NOTE: **Note:**
+NOTE:
To prevent an [OAuth2 covert redirect](https://oauth.net/advisories/2014-1-covert-redirect/) vulnerability, append `/users/auth` to the end of the GitHub authorization callback URL.
See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-05 20:16:51 +0300