Commit 1322146b authored by Evan Read's avatar Evan Read

Merge branch 'patch-43' into 'master'

Fix callback url

See merge request gitlab-org/gitlab-ce!25195
parents c6016ac8 d219fbb9
...@@ -21,10 +21,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe ...@@ -21,10 +21,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
- Application name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or something else descriptive. - Application name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or something else descriptive.
- Homepage URL: the URL to your GitLab installation. e.g., `https://gitlab.company.com` - Homepage URL: the URL to your GitLab installation. e.g., `https://gitlab.company.com`
- Application description: Fill this in if you wish. - Application description: Fill this in if you wish.
- Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth`. Please make sure the port is included if your GitLab instance is not configured on default port. - Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth/github/callback`. Please make sure the port is included if your GitLab instance is not configured on default port.
![Register OAuth App](img/github_register_app.png) ![Register OAuth App](img/github_register_app.png)
NOTE: Be sure to append `/users/auth` to the end of the callback URL NOTE: Be sure to append `/users/auth/github/callback` to the end of the callback URL
to prevent a [OAuth2 convert to prevent a [OAuth2 convert
redirect](http://tetraph.com/covert_redirect/) vulnerability. redirect](http://tetraph.com/covert_redirect/) vulnerability.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment