Disallow bare pages domain as custom domain

d8c9f036 · Markus Legner · 71f3a88c · d8c9f036 · d8c9f036
Commit d8c9f036 authored Jan 19, 2022 by Markus Legner
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

app/models/pages_domain.rb app/models/pages_domain.rb +2 -2

spec/models/pages_domain_spec.rb spec/models/pages_domain_spec.rb +1 -1

No files found.
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -245,8 +245,8 @@ class PagesDomain < ApplicationRecord
  def validate_pages_domain
    return unless domain

-    if domain.downcase.ends_with?(".#{Settings.pages.host.downcase}")
-      self.errors.add(:domain, "*.#{Settings.pages.host} is restricted. Please compare our documentation at https://docs.gitlab.com/ee/administration/pages/#advanced-configuration against your configuration.")
+    if domain.downcase.ends_with?(".#{Settings.pages.host.downcase}") || domain.casecmp(Settings.pages.host) == 0
+      self.errors.add(:domain, "#{Settings.pages.host} and its subdomains cannot be used as custom pages domains. Please compare our documentation at https://docs.gitlab.com/ee/administration/pages/#advanced-configuration against your configuration.")
    end
  end


--- a/spec/models/pages_domain_spec.rb
+++ b/spec/models/pages_domain_spec.rb
@@ -36,9 +36,9 @@ RSpec.describe PagesDomain do
        '123.456.789'      => true,
        '0x12345.com'      => true,
        '0123123'          => true,
-        'reserved.com'     => true,
        'a-reserved.com'   => true,
        'a.b-reserved.com' => true,
+        'reserved.com'     => false,
        '_foo.com'         => false,
        'a.reserved.com'   => false,
        'a.b.reserved.com' => false,