kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/requests
History
Jacob Vosmaer (GitLab) b7e6da5a4b Merge branch 'gitlab-workhorse-safeties' into 'master' 
Security and safety improvements for gitlab-workhorse integration

Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60

- Use a custom content type when sending data to gitlab-workhorse
- Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse

This will allow us to build features in gitlab-workhorse that require
more trust, and protect us against programming mistakes in the future.

This is designed so that no action is required for installations from
source. For omnibus-gitlab we need to add code that manages the shared
secret.

See merge request !5907
2016-09-09 11:33:08 +00:00
..
api Code refactor 2016-09-07 12:10:49 +02:00
ci/api Move lint to api from ci/api 2016-09-07 12:10:49 +02:00
projects Path could also have slashes! Feedback: 2016-08-24 16:02:56 +08:00
git_http_spec.rb Verify JWT messages from gitlab-workhorse 2016-09-05 15:05:31 +02:00
jwt_controller_spec.rb Project tools visibility level 2016-09-01 11:47:59 -03:00
lfs_http_spec.rb Verify JWT messages from gitlab-workhorse 2016-09-05 15:05:31 +02:00