kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/controllers
History
Bob Van Landuyt 39916fdfed Reuses `InternalRedirect` when possible 
`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.
 		2018-05-04 13:54:43 +02:00
..
admin Update invalid test application_settings_controller_spec.rb 2018-04-14 00:04:55 +03:00
boards Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00
concerns Reuses `InternalRedirect` when possible 2018-05-04 13:54:43 +02:00
dashboard
explore
google_api
groups Bring one group board to CE 2018-03-03 12:56:17 -03:00
import Resolve "Namespace factory is problematic" 2018-04-23 15:48:26 +00:00
ldap Refactor OmniauthCallbacksController to remove duplication 2018-04-22 23:50:55 +01:00
oauth Specify base controller for Doorkeeper 2018-02-28 12:05:19 +01:00
profiles
projects Merge branch 'master' into feature/runner-per-group 2018-05-03 09:54:12 +02:00
snippets
users Enforces terms in the web application 2018-05-04 13:54:43 +02:00
abuse_reports_controller_spec.rb
application_controller_spec.rb Enforces terms in the web application 2018-05-04 13:54:43 +02:00
autocomplete_controller_spec.rb Revert few more broken specs related to *_with_namespace methods 2018-03-05 18:25:52 +02:00
dashboard_controller_spec.rb Check if at least one filter is set on dashboard 2018-04-03 20:19:09 +02:00
groups_controller_spec.rb
health_check_controller_spec.rb
health_controller_spec.rb
help_controller_spec.rb
invites_controller_spec.rb
metrics_controller_spec.rb
notification_settings_controller_spec.rb
omniauth_callbacks_controller_spec.rb Writes specs 2018-03-22 16:05:15 +00:00
passwords_controller_spec.rb
profiles_controller_spec.rb Gitlab::Shell works on shard name, not path 2018-04-25 13:36:22 +02:00
projects_controller_spec.rb
registrations_controller_spec.rb
root_controller_spec.rb 'Assigned Issues' and 'Assigned Merge Requests' as dashboard user choices 2018-03-27 12:16:12 +00:00
search_controller_spec.rb Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00
sent_notifications_controller_spec.rb
sessions_controller_spec.rb Reuses `InternalRedirect` when possible 2018-05-04 13:54:43 +02:00
snippets_controller_spec.rb
uploads_controller_spec.rb Revert "Merge branch '3867-port-to-ce' into 'master'" 2018-02-28 21:09:34 +01:00
user_callouts_controller_spec.rb
users_controller_spec.rb Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00