Commit graph

14 commits

Author SHA1 Message Date
GitLab Bot
b6ec12ceca Add latest changes from gitlab-org/gitlab@master 2020-01-22 21:08:48 +00:00
GitLab Bot
364f6f2e33 Add latest changes from gitlab-org/gitlab@master 2020-01-20 15:09:18 +00:00
GitLab Bot
a5ab3467a7 Add latest changes from gitlab-org/gitlab@master 2020-01-13 15:07:53 +00:00
GitLab Bot
184c2ced07 Add latest changes from gitlab-org/gitlab@master 2019-10-17 18:08:05 +00:00
GitLab Bot
80f61b4035 Add latest changes from gitlab-org/gitlab@master 2019-09-18 14:02:45 +00:00
Stan Hu
01203e7188 Fix health checks not working behind load balancers
The change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24199 caused
requests coming from a load balancer to arrive as 127.0.0.1 instead of
the actual IP.

`Rack::Request#ip` behaves slightly differently than
`ActionDispatch::Request#remote_ip`: the former will return the first
X-Forwarded-For IP if all of the IPs are trusted proxies, while the
second one filters out all proxies and falls back to REMOTE_ADDR, which
is 127.0.0.1.

For now, we can revert back to using `Rack::Request` because these
middlewares don't manipulate parameters. The actual fix involves
fixing Rails: https://github.com/rails/rails/issues/28436.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58573
2019-03-12 12:46:40 -07:00
Stan Hu
aff2b6e4eb Switch use of Rack::Request to ActionDispatch::Request
As mentioned in
https://gitlab.com/gitlab-org/gitlab-ee/issues/9035#note_129093444,
Rails 5 switched ActionDispatch::Request so that it no longer inherits
Rack::Request directly. A middleware that uses Rack::Request to
read the environment may see stale request parameters if
another middleware modifies the environment via ActionDispatch::Request.
To be safe, we should be using ActionDispatch::Request everywhere.
2019-01-07 00:35:53 -08:00
gfyoung
c858f70d07 Enable frozen string for lib/gitlab/*.rb 2018-10-22 07:00:50 +00:00
Michael Kozono
a54a5d9f39 Use Gitlab::SafeRequestStore in more places
Even if it doesn’t save lines of code, since people will tend to use
code they’ve seen. And `SafeRequestStore` is safer since you
don’t have to remember to check `RequestStore.active?`.
2018-09-24 12:11:27 -07:00
Pawel Chojnacki
70b9d8da4c Remove unnecessary defaults for uniq ip block, cleanup refactoring leftovers 2017-03-06 15:45:43 +01:00
Pawel Chojnacki
8a9bc24ef8 align schema.rb with upstream and fix rubocop warning about not freezing mutable constants and empty error classes 2017-03-06 15:41:50 +01:00
Pawel Chojnacki
0ef8a64348 Remove unnecessary calls to limit_user!, UniqueIps Middleware, and address MR review
- cleanup formatting in haml
- clarify time window is in seconds
- cleanup extraneous chunks in db/schema
- rename count_uniqe_ips to update_and_return_ips_count
- other
2017-03-06 15:41:25 +01:00
Pawel Chojnacki
66dc71599c Cleanup formatting 2017-03-06 15:41:24 +01:00
Pawel Chojnacki
e5cf3f51fb Allow limiting logging in users from too many different IPs. 2017-03-06 15:41:24 +01:00