From 7ca780009544ae1c6f96a32113abd2dc6178a53e Mon Sep 17 00:00:00 2001 From: Evan Read Date: Thu, 6 Jun 2019 02:43:36 +0000 Subject: [PATCH] Merge branch 'revert-1322146b' into 'master' Revert "Fix callback url" See merge request gitlab-org/gitlab-ce!29234 (cherry picked from commit dd0d9b27fd3653d236320c34cbdc1f9def5c972d) 8835bdad Revert "Merge branch 'patch-43' into 'master'" --- doc/integration/github.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/integration/github.md b/doc/integration/github.md index e145afbdd5e..5b01dd9feb7 100644 --- a/doc/integration/github.md +++ b/doc/integration/github.md @@ -21,10 +21,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe - Application name: This can be anything. Consider something like `'s GitLab` or `'s GitLab` or something else descriptive. - Homepage URL: The URL of your GitLab installation. For example, `https://gitlab.example.com`. - Application description: Fill this in if you wish. - - Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth/github/callback`. Please make sure the port is included if your GitLab instance is not configured on default port. + - Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth`. Please make sure the port is included if your GitLab instance is not configured on default port. ![Register OAuth App](img/github_register_app.png) - NOTE: Be sure to append `/users/auth/github/callback` to the end of the callback URL + NOTE: Be sure to append `/users/auth` to the end of the callback URL to prevent a [OAuth2 convert redirect](http://tetraph.com/covert_redirect/) vulnerability. -- GitLab