Skip to content
Commit 650a7c73 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Marin Jankovski
Browse files

Merge branch 'project-existence-leak' into 'master'

Don't leak information about private project existence via Git-over-SSH/HTTP.

Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.

Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.

See merge request !1578
parent c0f8b956
Loading
Loading
Loading