kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Revert "Defend against 'Host' header injection"

Browse source 
This reverts commit 47b5b44139.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17877#note_13488047
This commit is contained in:
Jacob Vosmaer 2016-08-08 13:02:44 +02:00
parent af9127e049
commit 427c9f0b5b
2 changed files with 2 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/support/nginx/gitlab
View file

@ -49,12 +49,7 @@ server {
proxy_http_version 1.1;
## By overwriting Host and clearing X-Forwarded-Host we ensure that
## internal HTTP redirects generated by GitLab always send users to
## YOUR_SERVER_FQDN.
proxy_set_header Host YOUR_SERVER_FQDN;
proxy_set_header X-Forwarded-Host "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

7
lib/support/nginx/gitlab-ssl
View file

@ -93,12 +93,7 @@ server {
proxy_http_version 1.1;
## By overwriting Host and clearing X-Forwarded-Host we ensure that
## internal HTTP redirects generated by GitLab always send users to
## YOUR_SERVER_FQDN.
proxy_set_header Host YOUR_SERVER_FQDN;
proxy_set_header X-Forwarded-Host "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;