• Nick Thomas's avatar
    Don't expose project existence by redirecting from its .git URL · 406a452d
    Nick Thomas authored
    If you visit /group/project.git in a web browser, you are redirected to
    /group/project as long as the project exists. This is a good idea, but
    we should only do it when a user is authorized to see the project.
    Doing it unconditionally means that we leak the fact that the project
    exists to unauthorized users.
    406a452d
245260-fix-git-url-project-disclosure.yml 116 Bytes