diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-24 18:08:38 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-24 18:08:38 +0300 |
commit | 61ebd5753018a1f4b6032122f6ea625dc4e4fc8e (patch) | |
tree | e75a5db22733f59f822a927aa9916c8ab5d00898 /doc/user | |
parent | 7186033c5110609384da4ffb4456093801cd547b (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/project/pages/index.md | 14 | ||||
-rw-r--r-- | doc/user/project/pages/introduction.md | 19 |
2 files changed, 30 insertions, 3 deletions
diff --git a/doc/user/project/pages/index.md b/doc/user/project/pages/index.md index a68ad604989..9b299b46f75 100644 --- a/doc/user/project/pages/index.md +++ b/doc/user/project/pages/index.md @@ -129,12 +129,14 @@ If you are running a self-managed instance of GitLab, ### Configure GitLab Pages in a Helm Chart (Kubernetes) instance To configure GitLab Pages on instances deployed via Helm chart (Kubernetes), use either: - -- [The `gitlab-pages` subchart](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/). -- [An external GitLab Pages instance](https://docs.gitlab.com/charts/advanced/external-gitlab-pages/). + +- [The `gitlab-pages` subchart](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/). +- [An external GitLab Pages instance](https://docs.gitlab.com/charts/advanced/external-gitlab-pages/). ## Security for GitLab Pages +### Namespaces that contain `.` + If your username is `example`, your GitLab Pages website is located at `example.gitlab.io`. GitLab allows usernames to contain a `.`, so a user named `bar.example` could create a GitLab Pages website `bar.example.gitlab.io` that effectively is a subdomain of your @@ -153,3 +155,9 @@ document.cookie = "key=value;domain=example.gitlab.io"; This issue doesn't affect users with a custom domain, or users who don't set any cookies manually with JavaScript. + +### Shared cookies + +By default, every project in a group shares the same domain, for example, `group.gitlab.io`. This means that cookies are also shared for all projects in a group. + +To ensure each project uses different cookies, enable the Pages [unique domains](introduction.md#enable-unique-domains) feature for your project. diff --git a/doc/user/project/pages/introduction.md b/doc/user/project/pages/introduction.md index 05d0b461fea..f7d273d198d 100644 --- a/doc/user/project/pages/introduction.md +++ b/doc/user/project/pages/introduction.md @@ -94,6 +94,25 @@ the group must be at the top level and not a subgroup. For [project websites](../../project/pages/getting_started_part_one.md#project-website-examples), you can create your project first and access it under `http(s)://namespace.example.io/projectname`. +## Enable unique domains + +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/9347) in GitLab 15.9 [with a flag](../../../administration/feature_flags.md) named `pages_unique_domain`. Disabled by default. +> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/388151) in GitLab 15.11. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, +ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `pages_unique_domain`. +On GitLab.com, by default this feature is available. + +By default, every project in a group shares the same domain, for example, `group.gitlab.io`. This means that cookies are also shared for all projects in a group. + +To ensure your project uses a unique Pages domain, enable the unique domains feature for the project: + +1. On the top bar, select **Main menu > Projects** and find your project. +1. On the left sidebar, select **Settings > Pages**. +1. Select the **Use unique domain** checkbox. +1. Select **Save changes**. + ## Specific configuration options for Pages Learn how to set up GitLab CI/CD for specific use cases. |