diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 03:09:51 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 03:09:51 +0300 |
| commit | 6b75388b67c35271bc18f2dbd41a72accd927808 (patch) | |
| tree | 0e905919b117b731ea22ef629f45701e6124c1ee /lib | |
| parent | 260c87f94ecc8802de4f7cd16d10c0a08d19559c (diff) | |
Add latest changes from gitlab-org/gitlab@15-9-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/http_connection_adapter.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/octokit/middleware.rb | 7 | ||||
| -rw-r--r-- | lib/gitlab/url_blocker.rb | 4 |
3 files changed, 5 insertions, 8 deletions
diff --git a/lib/gitlab/http_connection_adapter.rb b/lib/gitlab/http_connection_adapter.rb index aec430f2686..3ef60be67a9 100644 --- a/lib/gitlab/http_connection_adapter.rb +++ b/lib/gitlab/http_connection_adapter.rb @@ -59,6 +59,8 @@ module Gitlab end def dns_rebind_protection? + return false if Gitlab.http_proxy_env? + Gitlab::CurrentSettings.dns_rebinding_protection_enabled? end diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb index 0e47672bb3c..a92860f7eb8 100644 --- a/lib/gitlab/octokit/middleware.rb +++ b/lib/gitlab/octokit/middleware.rb @@ -11,8 +11,7 @@ module Gitlab Gitlab::UrlBlocker.validate!(env[:url], schemes: %w[http https], allow_localhost: allow_local_requests?, - allow_local_network: allow_local_requests?, - dns_rebind_protection: dns_rebind_protection? + allow_local_network: allow_local_requests? ) @app.call(env) @@ -23,10 +22,6 @@ module Gitlab def allow_local_requests? Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services? end - - def dns_rebind_protection? - Gitlab::CurrentSettings.dns_rebinding_protection_enabled? - end end end end diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index b620e9b4560..00e609511f2 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -121,8 +121,8 @@ module Gitlab end rescue SocketError # If the dns rebinding protection is not enabled or the domain - # is allowed, or HTTP_PROXY is set we avoid the dns rebinding checks - return if domain_allowed?(uri) || !dns_rebind_protection || Gitlab.http_proxy_env? + # is allowed we avoid the dns rebinding checks + return if domain_allowed?(uri) || !dns_rebind_protection # In the test suite we use a lot of mocked urls that are either invalid or # don't exist. In order to avoid modifying a ton of tests and factories |