Merge branch 'git-http-no-authenticity-token' into 'master'

Disable CSRF protection when serving Git HTTP clients Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18331 See merge request !4538

Merge branch 'git-http-no-authenticity-token' into 'master'
Disable CSRF protection when serving Git HTTP clients Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18331 See merge request !4538
5d66e0e0 · Robert Speicher · 0001a0cf · 63ed8032 · 5d66e0e0
Commit 5d66e0e0 authored Jun 08, 2016 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

app/controllers/projects/git_http_controller.rb app/controllers/projects/git_http_controller.rb +2 -0

No files found.
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
 class Projects::GitHttpController < Projects::ApplicationController
  attr_reader :user

+  # Git clients will not know what authenticity token to send along
+  skip_before_action :verify_authenticity_token
  skip_before_action :repository
  before_action :authenticate_user
  before_action :ensure_project_found!