Merge branch 'set-default-url-options' into 'master'
Set Application controller default URL options to ensure all url_for calls are consistent

### What does this MR do?

This MR sets the app controller's `default_url_options` so that all `url_for` calls are consistent.

### Are there points in the code the reviewer needs to double check?

Setting these options may simplify `url_for` calls that load the GitLab options already. I did not want to touch existing code yet. I'm also not sure if there are other options that need to be included.

### Why was this MR needed?

If you run GitLab behind a reverse proxy or in a Docker container, you don't want a user to be seeing the local IP and port on which GitLab is running (e.g. 192.168.1.1:8080). Right now there are places where this internal data is leaked (e.g. see the URL in Profile Settings -> Account -> Username; this uses `user_url`).

### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?

#1249

See merge request !453
commit
090f2344ec
|
@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
|
|||
|
||||
v 7.10.0 (unreleased)
|
||||
- Fix broken side-by-side diff view on merge request page (Stan Hu)
|
||||
- Set Application controller default URL options to ensure all url_for calls are consistent (Stan Hu)
|
||||
- Allow HTML tags in Markdown input
|
||||
- Fix code unfold not working on Compare commits page (Stan Hu)
|
||||
- Include missing events and fix save functionality in admin service template settings form (Stan Hu)
|
||||
|
|
|
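Review bot: The added changelog line names the mechanism ("default URL options", "url_for calls are consistent") but not the effect an administrator would look for. Consider wording it so that it says generated URLs now use the configured host, protocol, port and relative URL root, which is the part that matters for installs behind a reverse proxy.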
@ -178,6 +178,18 @@ class ApplicationController < ActionController::Base
|
|||
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
|
||||
end
|
||||
|
||||
def default_url_options
|
||||
if !Rails.env.test?
|
||||
port = Gitlab.config.gitlab.port unless Gitlab.config.gitlab_on_standard_port?
|
||||
{ host: Gitlab.config.gitlab.host,
|
||||
protocol: Gitlab.config.gitlab.protocol,
|
||||
port: port,
|
||||
script_name: Gitlab.config.gitlab.relative_url_root }
|
||||
else
|
||||
super
|
||||
end
|
||||
end
|
||||
|
||||
def default_headers
|
||||
headers['X-Frame-Options'] = 'DENY'
|
||||
headers['X-XSS-Protection'] = '1; mode=block'
|
||||
|
|
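Review bot: The `if !Rails.env.test?` guard in `default_url_options` sends the test environment straight to `super`, so no spec exercises the branch that builds URLs from `Gitlab.config.gitlab`, and a regression that lets the request's own host or port back into generated URLs would go unnoticed. Consider dropping the environment check and stubbing the config values in a controller spec instead; if the guard has to stay, put the positive case first (`if Rails.env.test?` then `super`) rather than negating with `if !`. A one-line comment would also help on `port = Gitlab.config.gitlab.port unless Gitlab.config.gitlab_on_standard_port?`, since `port: port` is then passed as `nil` on a standard port and a later reader could mistake that for a bug.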