Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4d0875c0
Commit
4d0875c0
authored
Sep 05, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
1e857e54
4e9c531a
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
49 additions
and
1 deletion
+49
-1
app/validators/addressable_url_validator.rb
app/validators/addressable_url_validator.rb
+7
-1
changelogs/unreleased/fj-remove-dns-protection-when-validating.yml
...s/unreleased/fj-remove-dns-protection-when-validating.yml
+5
-0
spec/validators/addressable_url_validator_spec.rb
spec/validators/addressable_url_validator_spec.rb
+37
-0
No files found.
app/validators/addressable_url_validator.rb
View file @
4d0875c0
...
...
@@ -42,6 +42,11 @@
class
AddressableUrlValidator
<
ActiveModel
::
EachValidator
attr_reader
:record
# By default, we avoid checking the dns rebinding protection
# when saving/updating a record. Sometimes, the url
# is not resolvable at that point, and some automated
# tasks that uses that url won't work.
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/66723
BLOCKER_VALIDATE_OPTIONS
=
{
schemes:
%w(http https)
,
ports:
[],
...
...
@@ -49,7 +54,8 @@ class AddressableUrlValidator < ActiveModel::EachValidator
allow_local_network:
true
,
ascii_only:
false
,
enforce_user:
false
,
enforce_sanitization:
false
enforce_sanitization:
false
,
dns_rebind_protection:
false
}.
freeze
DEFAULT_OPTIONS
=
BLOCKER_VALIDATE_OPTIONS
.
merge
({
...
...
changelogs/unreleased/fj-remove-dns-protection-when-validating.yml
0 → 100644
View file @
4d0875c0
---
title
:
Avoid checking dns rebind protection when validating
merge_request
:
32577
author
:
type
:
fixed
spec/validators/addressable_url_validator_spec.rb
View file @
4d0875c0
...
...
@@ -92,6 +92,15 @@ describe AddressableUrlValidator do
expect
(
badge
.
errors
).
to
be_empty
expect
(
badge
.
link_url
).
to
eq
(
'https://127.0.0.1'
)
end
it
'allows urls that cannot be resolved'
do
stub_env
(
'RSPEC_ALLOW_INVALID_URLS'
,
'false'
)
badge
.
link_url
=
'http://foobar.x'
subject
expect
(
badge
.
errors
).
to
be_empty
end
end
context
'when message is set'
do
...
...
@@ -312,4 +321,32 @@ describe AddressableUrlValidator do
end
end
end
context
'when dns_rebind_protection is'
do
let
(
:not_resolvable_url
)
{
'http://foobar.x'
}
let
(
:validator
)
{
described_class
.
new
(
attributes:
[
:link_url
],
dns_rebind_protection:
dns_value
)
}
before
do
stub_env
(
'RSPEC_ALLOW_INVALID_URLS'
,
'false'
)
badge
.
link_url
=
not_resolvable_url
subject
end
context
'true'
do
let
(
:dns_value
)
{
true
}
it
'raises error'
do
expect
(
badge
.
errors
).
to
be_present
end
end
context
'false'
do
let
(
:dns_value
)
{
false
}
it
'allows urls that cannot be resolved'
do
expect
(
badge
.
errors
).
to
be_empty
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment