    Skip IP lookups in validating URLs on certain conditions · e8190bd3
    Authored by Stan Hu
    Previously, anytime `ApplicationSetting` was updated, `UrlBlocker`
    would attempt to resolve the IPs and determine whether they were
    allowed by the current settings. However, in an offline environment,
    services like Diagrams.net may not be resolved even if they are
    enabled by default.
    
    This commit skips the validations that require resolving IP addresses
    if there are no restrictions on outgoing requests:
    
    - Allow requests to the local network is checked
    - Allow requests to the local network from system hooks is checked
    - DNS rebinding attack protection is disabled
    - Block all requests, except for IP addresses, IP ranges, and domain
      names defined in the allowlist (`deny_all_requests_except_allowed`)
      is disabled
    
    Note that the URL validators in `ApplicationSetting` only pass in the
    current `deny_all_requests_except_allowed` setting, so if that is
    active then IP resolution will occur.
    
    Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/467524
    
    Changelog: fixed
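
The skip condition described in the commit message, shown as an added Ruby example that is not GitLab's `UrlBlocker` code. Every method, constant and setting key here is hypothetical except `deny_all_requests_except_allowed`; the resolver is injected so the check runs offline, and the sample settings and hosts are constructed.

```ruby
require 'ipaddr'
require 'uri'

# Added illustration with hypothetical names; this is not GitLab's UrlBlocker.
class BlockedUrlError < StandardError; end

LOCAL_RANGES = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                  169.254.0.0/16 ::1/128 fc00::/7 fe80::/10].map { |r| IPAddr.new(r) }

# Resolution is needed only when at least one of the four outbound
# restrictions listed in the commit message is active.
def ip_resolution_required?(allow_local_requests:, allow_local_requests_from_system_hooks:,
                            dns_rebinding_protection:, deny_all_requests_except_allowed:)
  !allow_local_requests || !allow_local_requests_from_system_hooks ||
    dns_rebinding_protection || deny_all_requests_except_allowed
end

# resolver is injected (host -> array of IP strings), an assumption of this example.
# Simplifications: both local-network settings feed one check; no IP pinning.
def validate_url!(url, settings, resolver:, allowlist: [])
  host = URI.parse(url).host
  raise BlockedUrlError, 'URL has no host' if host.nil? || host.empty?
  return :lookup_skipped unless ip_resolution_required?(**settings)

  begin
    ips = resolver.call(host).map { |a| IPAddr.new(a) }
  rescue SocketError
    raise BlockedUrlError, "#{host} could not be resolved"
  end
  raise BlockedUrlError, "#{host} could not be resolved" if ips.empty?

  if settings[:deny_all_requests_except_allowed] && !allowlist.include?(host)
    raise BlockedUrlError, "#{host} is not in the allowlist"
  end
  local_allowed = settings[:allow_local_requests] &&
                  settings[:allow_local_requests_from_system_hooks]
  if !local_allowed && ips.any? { |ip| LOCAL_RANGES.any? { |r| r.include?(ip) } }
    raise BlockedUrlError, "#{host} resolves to a local address"
  end
  :resolved_and_allowed
end

# Constructed sample data: unrestricted settings and two fake resolvers.
UNRESTRICTED = { allow_local_requests: true, allow_local_requests_from_system_hooks: true,
                 dns_rebinding_protection: false, deny_all_requests_except_allowed: false }.freeze
OFFLINE = ->(_host) { raise SocketError, 'getaddrinfo: name resolution failed' }
FAKE_DNS = lambda do |host|
  { 'intranet.example' => ['10.0.0.5'], 'public.example' => ['203.0.113.7'] }.fetch(host, [])
end
```

With `UNRESTRICTED` and the `OFFLINE` resolver the URL validates without a lookup; turning on any one restriction makes the same offline call fail closed.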
Gemfile.lock 5.15 KiB