diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 21:25:58 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 21:25:58 +0300 |
commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
tree | fb69158581673816a8cd895f9d352dcb3c678b1e /doc/security/asset_proxy.md | |
parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to 'doc/security/asset_proxy.md')
-rw-r--r-- | doc/security/asset_proxy.md | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/security/asset_proxy.md b/doc/security/asset_proxy.md index 7774f5e0635..d6b85eb5c9f 100644 --- a/doc/security/asset_proxy.md +++ b/doc/security/asset_proxy.md @@ -4,10 +4,10 @@ group: unassigned info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Proxying assets +# Proxying assets **(FREE SELF)** -A possible security concern when managing a public facing GitLab instance is -the ability to steal a users IP address by referencing images in issues, comments, etc. +A possible security concern when managing a public-facing GitLab instance is +the ability to steal a users IP address by referencing images in issues and comments. For example, adding `![Example image](http://example.com/example.png)` to an issue description causes the image to be loaded from the external @@ -18,7 +18,7 @@ One way to mitigate this is by proxying any external images to a server you control. GitLab can be configured to use an asset proxy server when requesting external images/videos/audio in -issues, comments, etc. This helps ensure that malicious images do not expose the user's IP address +issues and comments. This helps ensure that malicious images do not expose the user's IP address when they are fetched. We currently recommend using [cactus/go-camo](https://github.com/cactus/go-camo#how-it-works) |