summaryrefslogtreecommitdiff
path: root/config/routes
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2019-03-04 18:36:37 +0000
committerYorick Peterse <yorickpeterse@gmail.com>2019-03-04 18:36:37 +0000
commit6c3482d166955cd112b034598f4aaac57af544c3 (patch)
treed75e188edfbb455ec6f444b99c07f82420c6762b /config/routes
parent72db8ae2b2d9bc79a96937f3b4943462b053af96 (diff)
parent9d046c8704c0e7df18d2f9e380e987d22b9a0b2e (diff)
downloadgitlab-ce-6c3482d166955cd112b034598f4aaac57af544c3.tar.gz
Merge branch 'security-50334' into 'master'
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2937
Diffstat (limited to 'config/routes')
-rw-r--r--config/routes/git_http.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/routes/git_http.rb b/config/routes/git_http.rb
index ec5c68f81df..a959d40881b 100644
--- a/config/routes/git_http.rb
+++ b/config/routes/git_http.rb
@@ -40,7 +40,7 @@ scope(path: '*namespace_id/:project_id',
# /info/refs?service=git-receive-pack, but nothing else.
#
git_http_handshake = lambda do |request|
- ::Constraints::ProjectUrlConstrainer.new.matches?(request) &&
+ ::Constraints::ProjectUrlConstrainer.new.matches?(request, existence_check: false) &&
(request.query_string.blank? ||
request.query_string.match(/\Aservice=git-(upload|receive)-pack\z/))
end