• Tiger's avatar
    Validate session key when authorizing with GCP to create a cluster · e8ec0410
    Tiger authored
    It was previously possible to link a GCP account to another
    user's GitLab account by having them visit the callback URL,
    as there was no check that they were the initiator of the
    We now reject the callback unless the state parameter
    matches the one added to the initiating user's session.
security-kubernetes-google-login-csrf.yml 116 Bytes