Commit 15b1bf84 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'revert-host-header-overwrite' into 'master'

Revert "Defend against 'Host' header injection"

We reverted this in omnibus but forgot to do it in the source NGINX template.

See merge request !5706
parents d668b145 427c9f0b
...@@ -49,12 +49,7 @@ server { ...@@ -49,12 +49,7 @@ server {
proxy_http_version 1.1; proxy_http_version 1.1;
## By overwriting Host and clearing X-Forwarded-Host we ensure that proxy_set_header Host $http_host;
## internal HTTP redirects generated by GitLab always send users to
## YOUR_SERVER_FQDN.
proxy_set_header Host YOUR_SERVER_FQDN;
proxy_set_header X-Forwarded-Host "";
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
......
...@@ -93,12 +93,7 @@ server { ...@@ -93,12 +93,7 @@ server {
proxy_http_version 1.1; proxy_http_version 1.1;
## By overwriting Host and clearing X-Forwarded-Host we ensure that proxy_set_header Host $http_host;
## internal HTTP redirects generated by GitLab always send users to
## YOUR_SERVER_FQDN.
proxy_set_header Host YOUR_SERVER_FQDN;
proxy_set_header X-Forwarded-Host "";
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment