Commit 5d66e0e0 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'git-http-no-authenticity-token' into 'master'

Disable CSRF protection when serving Git HTTP clients

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18331

See merge request !4538
parents 0001a0cf 63ed8032
class Projects::GitHttpController < Projects::ApplicationController class Projects::GitHttpController < Projects::ApplicationController
attr_reader :user attr_reader :user
# Git clients will not know what authenticity token to send along
skip_before_action :verify_authenticity_token
skip_before_action :repository skip_before_action :repository
before_action :authenticate_user before_action :authenticate_user
before_action :ensure_project_found! before_action :ensure_project_found!
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment