b7e6da5a4b
Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907 |
||
|---|---|---|
| .. | ||
| environments | ||
| initializers | ||
| locales | ||
| application.rb | ||
| aws.yml.example | ||
| boot.rb | ||
| database.yml.env | ||
| database.yml.mysql | ||
| database.yml.postgresql | ||
| dependency_decisions.yml | ||
| environment.rb | ||
| gitlab.yml.example | ||
| license_finder.yml | ||
| mail_room.yml | ||
| newrelic.yml | ||
| resque.yml.example | ||
| routes.rb | ||
| secrets.yml.example | ||
| sidekiq.yml.example | ||
| unicorn.rb.example | ||
| unicorn.rb.example.development | ||