Merge branch 'gitlab-workhorse-safeties' into 'master'

Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907 Conflicts: GITLAB_WORKHORSE_VERSION doc/install/installation.md doc/update/8.11-to-8.12.md lib/gitlab/workhorse.rb spec/lib/gitlab/workhorse_spec.rb spec/requests/ci/api/builds_spec.rb spec/requests/git_http_spec.rb

Merge branch 'gitlab-workhorse-safeties' into 'master'
Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907 Conflicts: GITLAB_WORKHORSE_VERSION doc/install/installation.md doc/update/8.11-to-8.12.md lib/gitlab/workhorse.rb spec/lib/gitlab/workhorse_spec.rb spec/requests/ci/api/builds_spec.rb spec/requests/git_http_spec.rb
81978178 · Jacob Vosmaer (GitLab) · Ruben Davila · bec0c455 · 81978178
Commit 81978178 authored Sep 09, 2016 by Jacob Vosmaer (GitLab) Committed by Ruben Davila Sep 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

app/controllers/projects/git_http_client_controller.rb app/controllers/projects/git_http_client_controller.rb +4 -0

No files found.
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -153,4 +153,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
  def verify_workhorse_api!
    Gitlab::Workhorse.verify_api_request!(request.headers)
  end
+
+  def verify_workhorse_api!
+    Gitlab::Workhorse.verify_api_request!(request.headers)
+  end
 end