From 6438df3a1e0fb944485cebf07976160184697d72 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Wed, 20 Jan 2021 13:34:23 -0600 Subject: Add latest changes from gitlab-org/gitlab@13-8-stable-ee --- doc/security/rack_attack.md | 6 +----- doc/security/webhooks.md | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'doc/security') diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index f159b4f8e21..d80de92501e 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -54,11 +54,7 @@ By default, protected paths are: - `/import/github/personal_access_token` - `/admin/session` -This header is included in responses to blocked requests: - -```plaintext -Retry-After: 60 -``` +See [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md#response-headers) for the headers responded to blocked requests. For example, the following are limited to a maximum 10 requests per minute: diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 0bb8e90d38f..bed998a5c84 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -26,7 +26,7 @@ sent. Webhook requests are made by the GitLab server itself and use a single (optional) secret token per hook for authorization (instead of a user or -repo-specific token). As a result, these may have broader access than +repository-specific token). As a result, these may have broader access than intended to everything running on the server hosting the webhook (which may include the GitLab server or API itself, e.g., `http://localhost:123`). Depending on the called webhook, this may also result in network access -- cgit v1.2.3
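Review bot: In the `doc/security/rack_attack.md` hunk, the new sentence "for the headers responded to blocked requests" reads awkwardly; suggest "for the headers returned in responses to blocked requests". Also, this hunk drops the only concrete example (`Retry-After: 60`) from this page in favour of a cross-reference, so please confirm that `../user/admin_area/settings/user_and_ip_rate_limits.md` actually has a `response-headers` anchor and documents the `Retry-After` value there; otherwise operators reading the Rack Attack page lose the one header clients need in order to back off correctly.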
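Review bot: In the `doc/security/webhooks.md` hunk, expanding "repo-specific" to "repository-specific" is a pure wording change with no change in meaning; the surrounding warning that a per-hook token may grant broader access to services on the webhook host (including the GitLab server itself, e.g. `http://localhost:123`) is left intact, and the hard-wrapped line stays within the width of its neighbours, so no further edit is needed.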