• Alessio Caiazza's avatar
    Validate URI scheme also for internal URI · 759c5296
    Alessio Caiazza authored
    Gitlab::UrlBlocker ignores scheme when validating URI matching either
    config.gitlab or config.gitlab_shell
    
    This patch enforces matching config.gitlab.protocol for internal web and
    ssh for internal shell.
    759c5296
security-stored-xss-for-environments.yml 81 Bytes