diff options
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/rack_attack.md | 6 | ||||
| -rw-r--r-- | doc/security/webhooks.md | 2 |
2 files changed, 2 insertions, 6 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index f159b4f8e21..d80de92501e 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -54,11 +54,7 @@ By default, protected paths are: - `/import/github/personal_access_token` - `/admin/session` -This header is included in responses to blocked requests: - -```plaintext -Retry-After: 60 -``` +See [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md#response-headers) for the headers responded to blocked requests. For example, the following are limited to a maximum 10 requests per minute: diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 0bb8e90d38f..bed998a5c84 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -26,7 +26,7 @@ sent. Webhook requests are made by the GitLab server itself and use a single (optional) secret token per hook for authorization (instead of a user or -repo-specific token). As a result, these may have broader access than +repository-specific token). As a result, these may have broader access than intended to everything running on the server hosting the webhook (which may include the GitLab server or API itself, e.g., `http://localhost:123`). Depending on the called webhook, this may also result in network access |