From 6b75388b67c35271bc18f2dbd41a72accd927808 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 1 Mar 2023 00:09:51 +0000
Subject: Add latest changes from gitlab-org/gitlab@15-9-stable-ee
---
 lib/gitlab/http_connection_adapter.rb | 2 ++
 lib/gitlab/octokit/middleware.rb | 7 +------
 lib/gitlab/url_blocker.rb | 4 ++--
 3 files changed, 5 insertions(+), 8 deletions(-)
(limited to 'lib')
diff --git a/lib/gitlab/http_connection_adapter.rb b/lib/gitlab/http_connection_adapter.rb
index aec430f2686..3ef60be67a9 100644
--- a/lib/gitlab/http_connection_adapter.rb
+++ b/lib/gitlab/http_connection_adapter.rb
@@ -59,6 +59,8 @@ module Gitlab
 end
 def dns_rebind_protection?
+ return false if Gitlab.http_proxy_env?
+
 Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
 end
diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb
index 0e47672bb3c..a92860f7eb8 100644
--- a/lib/gitlab/octokit/middleware.rb
+++ b/lib/gitlab/octokit/middleware.rb
@@ -11,8 +11,7 @@ module Gitlab
 Gitlab::UrlBlocker.validate!(env[:url],
 schemes: %w[http https],
 allow_localhost: allow_local_requests?,
- allow_local_network: allow_local_requests?,
- dns_rebind_protection: dns_rebind_protection?
+ allow_local_network: allow_local_requests?
 )
 @app.call(env)
@@ -23,10 +22,6 @@ module Gitlab
 def allow_local_requests?
 Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
 end
-
- def dns_rebind_protection?
- Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
- end
 end
 end
 end
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index b620e9b4560..00e609511f2 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
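Review bot: The early return added to `dns_rebind_protection?` in `lib/gitlab/http_connection_adapter.rb` switches rebinding protection off for every request this adapter makes once `Gitlab.http_proxy_env?` is true, and the line does not say why that is acceptable. A comment such as `# A configured proxy resolves the hostname itself, so an IP resolved and pinned here would not constrain the connection` would record the assumption, if that is indeed the rationale. The definition of `http_proxy_env?` is not in this diff; if it only tests whether a proxy variable is set, requests to hosts exempted through `no_proxy` would presumably connect directly with the protection off, which deserves a spec. The enclosing class continues outside the hunk.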
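Review bot: With `dns_rebind_protection:` dropped from the `validate!` call in `lib/gitlab/octokit/middleware.rb`, this middleware now runs with whatever default `Gitlab::UrlBlocker.validate!` gives that keyword, and that default is not visible in this diff. The instance setting `dns_rebinding_protection_enabled?` is no longer consulted on this path, so the call should say that this is deliberate, e.g. `# dns_rebind_protection is left at UrlBlocker's default, independent of the instance setting`. A middleware spec covering the setting disabled and a proxy variable set would pin the resulting behaviour. The enclosing method begins above the hunk.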
@@ -121,8 +121,8 @@ module Gitlab
 end
 rescue SocketError
 # If the dns rebinding protection is not enabled or the domain
- # is allowed, or HTTP_PROXY is set we avoid the dns rebinding checks
- return if domain_allowed?(uri) || !dns_rebind_protection || Gitlab.http_proxy_env?
+ # is allowed we avoid the dns rebinding checks
+ return if domain_allowed?(uri) || !dns_rebind_protection
 # In the test suite we use a lot of mocked urls that are either invalid or
 # don't exist. In order to avoid modifying a ton of tests and factories
-- cgit v1.2.3
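Review bot: Dropping `Gitlab.http_proxy_env?` from the early return in the `rescue SocketError` branch means a hostname that fails to resolve behind a proxy now reaches the code below the `return` unless the caller passed `dns_rebind_protection: false`. That presumably fails closed, but it moves the proxy decision to every caller, and the only caller-side proxy check in this commit is the one in `http_connection_adapter.rb`. The comment could state the new contract, e.g. `# Proxy setups are handled by callers, which pass dns_rebind_protection: false`. The rest of the rescue branch lies outside the hunk, so what runs after the `return` cannot be confirmed from here.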