Commit cb865035 authored by mbergeron's avatar mbergeron

Ensure localhost URLs are valid

parent 0086f377
......@@ -298,7 +298,7 @@ module EE
# ElasticSearch only exposes a RESTful API, hence we need
# to use the HTTP protocol on all URLs.
elasticsearch_url.each do |str|
::Gitlab::UrlBlocker.validate!(str, schemes: %w[http https])
::Gitlab::UrlBlocker.validate!(str, schemes: %w[http https], allow_localhost: true)
end
rescue ::Gitlab::UrlBlocker::BlockedUrlError
errors.add(:elasticsearch_url, "only supports valid HTTP(S) URLs.")
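Review bot: The `validate!` call inside the `elasticsearch_url.each` loop now opts into loopback targets, but the comment above it only explains the scheme restriction, so the reason this SSRF guard is relaxed here is undocumented. I would add a line such as `# Loopback is allowed because Elasticsearch is often co-located with the application; this URL is set by an instance admin.`; the admin-only assumption is not visible in the hunk and should be confirmed. The spec in this commit also expects `http://10.0.0.1` to be valid, which presumably relies on the default of `allow_local_network`; passing `allow_local_network: true` explicitly would make the intended posture visible at the call site. The enclosing method starts and ends outside the hunk.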
......
......@@ -111,12 +111,13 @@ describe ApplicationSetting do
"http://10.0.0.1" | true
"https://10.0.0.1" | true
"http://10.0.0.1, https://10.0.0.1" | true
"http://localhost" | true
"http://127.0.0.1" | true
"es.localdomain" | false
"10.0.0.1" | false
"http://es.localdomain, es.localdomain" | false
"http://es.localdomain, 10.0.0.1" | false
"this_isnt_a_url" | false
end
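Review bot: The loopback rows in this table (`"http://localhost"` and `"http://127.0.0.1"`) only assert the accepting side, so nothing pins that the scheme restriction still applies once localhost is allowed. A row such as `"ftp://localhost" | false` would cover that, and an IPv6 loopback case (`"http://[::1]"`) would show whether the validator treats it the same as `127.0.0.1`. The table belongs to a block that opens outside the hunk.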
......
......@@ -11,8 +11,8 @@ module Gitlab
# Validates the given url according to the constraints specified by arguments.
#
# ports - Raises error if the given URL port does is not between given ports.
# allow_localhost - Raises error if URL resolves to a localhost IP address and argument is true.
# allow_local_network - Raises error if URL resolves to a link-local address and argument is true.
# allow_localhost - Raises error if URL resolves to a localhost IP address and argument is false.
# allow_local_network - Raises error if URL resolves to a link-local address and argument is false.
# ascii_only - Raises error if URL has unicode characters and argument is true.
# enforce_user - Raises error if URL user doesn't start with alphanumeric characters and argument is true.
# enforce_sanitization - Raises error if URL includes any HTML/CSS/JS tags and argument is true.
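Review bot: The `ports` line just above the corrected `allow_localhost` and `allow_local_network` entries still reads "does is not between"; `# ports - Raises error if the given URL port is not between given ports.` would fix it. Callers such as the Elasticsearch validation in this commit depend on these flags' defaults, so it would help to state each default in this comment, taken from the `validate!` signature, which is outside the hunk. The option list may continue past the end of the hunk.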
......