b7e6da5a4b
Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907 |
||
---|---|---|
.. | ||
admin | ||
ci | ||
concerns | ||
dashboard | ||
explore | ||
groups | ||
import | ||
oauth | ||
profiles | ||
projects | ||
sherlock | ||
abuse_reports_controller.rb | ||
application_controller.rb | ||
autocomplete_controller.rb | ||
confirmations_controller.rb | ||
dashboard_controller.rb | ||
emojis_controller.rb | ||
groups_controller.rb | ||
health_check_controller.rb | ||
help_controller.rb | ||
invites_controller.rb | ||
jwt_controller.rb | ||
koding_controller.rb | ||
namespaces_controller.rb | ||
notification_settings_controller.rb | ||
omniauth_callbacks_controller.rb | ||
passwords_controller.rb | ||
profiles_controller.rb | ||
projects_controller.rb | ||
registrations_controller.rb | ||
root_controller.rb | ||
search_controller.rb | ||
sent_notifications_controller.rb | ||
sessions_controller.rb | ||
snippets_controller.rb | ||
uploads_controller.rb | ||
users_controller.rb |