lib · 37fbb15a2967523d41887f55b6f38e6d74bd6d7f · Forest Godfrey / gitlab-ce

Merge branch 'gitlab-workhorse-safeties' into 'master' · b7e6da5a

authored Sep 09, 2016

Security and safety improvements for gitlab-workhorse integration

Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60

- Use a custom content type when sending data to gitlab-workhorse
- Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse

This will allow us to build features in gitlab-workhorse that require
more trust, and protect us against programming mistakes in the future.

This is designed so that no action is required for installations from
source. For omnibus-gitlab we need to add code that manages the shared
secret.

See merge request !5907

b7e6da5a

Name	Last commit	Last update
..
api		Loading commit data...
assets		Loading commit data...
backup		Loading commit data...
banzai		Loading commit data...
ci		Loading commit data...
container_registry		Loading commit data...
gitlab		Loading commit data...
json_web_token		Loading commit data...
omni_auth		Loading commit data...
rouge/formatters		Loading commit data...
support		Loading commit data...
tasks		Loading commit data...
banzai.rb		Loading commit data...
disable_email_interceptor.rb		Loading commit data...
event_filter.rb		Loading commit data...
extracts_path.rb		Loading commit data...
file_size_validator.rb		Loading commit data...
file_streamer.rb		Loading commit data...
gitlab.rb		Loading commit data...
gt_one_coercion.rb		Loading commit data...
repository_cache.rb		Loading commit data...
static_model.rb		Loading commit data...
unfold_form.rb		Loading commit data...
uploaded_file.rb		Loading commit data...
version_check.rb		Loading commit data...