• Jacob Vosmaer (GitLab)'s avatar
    Merge branch 'gitlab-workhorse-safeties' into 'master' · 81978178
    Jacob Vosmaer (GitLab) authored
    Security and safety improvements for gitlab-workhorse integration
    
    Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60
    
    - Use a custom content type when sending data to gitlab-workhorse
    - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse
    
    This will allow us to build features in gitlab-workhorse that require
    more trust, and protect us against programming mistakes in the future.
    
    This is designed so that no action is required for installations from
    source. For omnibus-gitlab we need to add code that manages the shared
    secret.
    
    See merge request !5907
    Conflicts:
    	GITLAB_WORKHORSE_VERSION
    	doc/install/installation.md
    	doc/update/8.11-to-8.12.md
    	lib/gitlab/workhorse.rb
    	spec/lib/gitlab/workhorse_spec.rb
    	spec/requests/ci/api/builds_spec.rb
    	spec/requests/git_http_spec.rb
    81978178
git_http_client_controller.rb 4.31 KB