diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-08-08 20:47:05 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-08-08 20:47:05 +0300 |
| commit | 15b1bf845b7a05b05e4e7b1d41ace829ae48f1dc (patch) | |
| tree | ee6b17393f2bf42c350eb6516c0baf6e594867cf /lib | |
| parent | d668b145a1b2619e60586b6009390949fb363250 (diff) | |
| parent | 427c9f0b5b5f6f0c242e75a98dca2434a27945d8 (diff) | |
Merge branch 'revert-host-header-overwrite' into 'master'
Revert "Defend against 'Host' header injection"
We reverted this in omnibus but forgot to do it in the source NGINX template.
See merge request !5706
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/support/nginx/gitlab | 7 | ||||
| -rw-r--r-- | lib/support/nginx/gitlab-ssl | 7 |
2 files changed, 2 insertions, 12 deletions
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab index 4a4892a2e07..d521de28e8a 100644 --- a/lib/support/nginx/gitlab +++ b/lib/support/nginx/gitlab @@ -49,12 +49,7 @@ server { proxy_http_version 1.1; - ## By overwriting Host and clearing X-Forwarded-Host we ensure that - ## internal HTTP redirects generated by GitLab always send users to - ## YOUR_SERVER_FQDN. - proxy_set_header Host YOUR_SERVER_FQDN; - proxy_set_header X-Forwarded-Host ""; - + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl index 0b93d7f292f..bf014b56cf6 100644 --- a/lib/support/nginx/gitlab-ssl +++ b/lib/support/nginx/gitlab-ssl @@ -93,12 +93,7 @@ server { proxy_http_version 1.1; - ## By overwriting Host and clearing X-Forwarded-Host we ensure that - ## internal HTTP redirects generated by GitLab always send users to - ## YOUR_SERVER_FQDN. - proxy_set_header Host YOUR_SERVER_FQDN; - proxy_set_header X-Forwarded-Host ""; - + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |