1. 18 Feb, 2019 1 commit
  2. 13 Feb, 2019 1 commit
  3. 08 Feb, 2019 1 commit
  4. 31 Jan, 2019 1 commit
    • Alias GitHub and BitBucket OAuth2 callback URLs · 88f2e961
      Stan Hu authored
      To prevent an OAuth2 covert redirect vulnerability, this commit adds and
      uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
      following paths:
      
      GitHub: /users/auth/-/import/github
      Bitbucket: /users/auth/-/import/bitbucket
      
      This allows admins to put a more restrictive callback URL in the OAuth2
      configuration settings. Instead of https://example.com, admins can now use:
      
      https://example.com/users/auth
      
      It's possible but not trivial to change Devise and OmniAuth to use a
      different prefix for callback URLs instead of /users/auth. For now,
      aliasing the import URLs under the /users/auth namespace should suffice.
      
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
  5. 24 Jan, 2019 1 commit
  6. 22 Jan, 2019 1 commit
    • Alias GitHub and BitBucket OAuth2 callback URLs · 6d57b2fd
      Stan Hu authored
      To prevent an OAuth2 covert redirect vulnerability, this commit adds and
      uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
      following paths:
      
      GitHub: /users/auth/-/import/github
      Bitbucket: /users/auth/-/import/bitbucket
      
      This allows admins to put a more restrictive callback URL in the OAuth2
      configuration settings. Instead of https://example.com, admins can now use:
      
      https://example.com/users/auth
      
      It's possible but not trivial to change Devise and OmniAuth to use a
      different prefix for callback URLs instead of /users/auth. For now,
      aliasing the import URLs under the /users/auth namespace should suffice.
      
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
  7. 11 Jan, 2019 1 commit
  8. 08 Jan, 2019 1 commit
  9. 29 Dec, 2018 1 commit
  10. 18 Dec, 2018 1 commit
  11. 07 Dec, 2018 1 commit
  12. 20 Nov, 2018 1 commit
  13. 13 Nov, 2018 3 commits
  14. 09 Nov, 2018 1 commit
  15. 01 Nov, 2018 1 commit
  16. 22 Oct, 2018 1 commit
  17. 19 Oct, 2018 1 commit
  18. 25 Sep, 2018 1 commit
  19. 21 Sep, 2018 1 commit
  20. 13 Sep, 2018 1 commit
  21. 06 Sep, 2018 1 commit
  22. 27 Aug, 2018 1 commit
  23. 20 Aug, 2018 1 commit
  24. 09 Aug, 2018 1 commit
  25. 08 Aug, 2018 1 commit
  26. 10 Jul, 2018 1 commit
  27. 06 Jul, 2018 1 commit
  28. 05 Jul, 2018 1 commit
  29. 04 Jul, 2018 1 commit
  30. 28 Jun, 2018 1 commit
  31. 25 Jun, 2018 1 commit
  32. 22 Jun, 2018 1 commit
  33. 18 Jun, 2018 1 commit
  34. 06 Jun, 2018 1 commit
  35. 04 Jun, 2018 1 commit
  36. 31 May, 2018 1 commit
  37. 30 May, 2018 1 commit
  38. 02 May, 2018 1 commit