Commit 090f2344 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'set-default-url-options' into 'master'

Set Application controller default URL options to ensure all url_for calls are consistent

### What does this MR do?

This MR sets the app controller's `default_url_options` so that all `url_for` calls are consistent.

### Are there points in the code the reviewer needs to double check?

Setting these options may simplify `url_for` calls that load the GitLab options already. I did not want to touch existing code yet. I'm also not sure if there are other options that need to be included.

### Why was this MR needed?

If you run GitLab behind a reverse proxy or in a Docker container, you don't want a user to be seeing the local IP and port on which GitLab is running (e.g. 192.168.1.1:8080). Right now there are places where this internal data is leaked (e.g. see the URL in Profile Settings -> Account -> Username; this uses `user_url`).

### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?

#1249

See merge request !453
parents a94f8a3c 8173ef97
...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 7.10.0 (unreleased) v 7.10.0 (unreleased)
- Fix broken side-by-side diff view on merge request page (Stan Hu) - Fix broken side-by-side diff view on merge request page (Stan Hu)
- Set Application controller default URL options to ensure all url_for calls are consistent (Stan Hu)
- Allow HTML tags in Markdown input - Allow HTML tags in Markdown input
- Fix code unfold not working on Compare commits page (Stan Hu) - Fix code unfold not working on Compare commits page (Stan Hu)
- Include missing events and fix save functionality in admin service template settings form (Stan Hu) - Include missing events and fix save functionality in admin service template settings form (Stan Hu)
......
...@@ -178,6 +178,18 @@ class ApplicationController < ActionController::Base ...@@ -178,6 +178,18 @@ class ApplicationController < ActionController::Base
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT" response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end end
def default_url_options
if !Rails.env.test?
port = Gitlab.config.gitlab.port unless Gitlab.config.gitlab_on_standard_port?
{ host: Gitlab.config.gitlab.host,
protocol: Gitlab.config.gitlab.protocol,
port: port,
script_name: Gitlab.config.gitlab.relative_url_root }
else
super
end
end
def default_headers def default_headers
headers['X-Frame-Options'] = 'DENY' headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block' headers['X-XSS-Protection'] = '1; mode=block'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment