diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:36:37 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:36:37 +0000 |
commit | 6c3482d166955cd112b034598f4aaac57af544c3 (patch) | |
tree | d75e188edfbb455ec6f444b99c07f82420c6762b /config/routes | |
parent | 72db8ae2b2d9bc79a96937f3b4943462b053af96 (diff) | |
parent | 9d046c8704c0e7df18d2f9e380e987d22b9a0b2e (diff) | |
download | gitlab-ce-6c3482d166955cd112b034598f4aaac57af544c3.tar.gz |
Merge branch 'security-50334' into 'master'
Fix git clone revealing private repo's presence
See merge request gitlab/gitlabhq!2937
Diffstat (limited to 'config/routes')
-rw-r--r-- | config/routes/git_http.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/routes/git_http.rb b/config/routes/git_http.rb index ec5c68f81df..a959d40881b 100644 --- a/config/routes/git_http.rb +++ b/config/routes/git_http.rb @@ -40,7 +40,7 @@ scope(path: '*namespace_id/:project_id', # /info/refs?service=git-receive-pack, but nothing else. # git_http_handshake = lambda do |request| - ::Constraints::ProjectUrlConstrainer.new.matches?(request) && + ::Constraints::ProjectUrlConstrainer.new.matches?(request, existence_check: false) && (request.query_string.blank? || request.query_string.match(/\Aservice=git-(upload|receive)-pack\z/)) end |