Skip to content
Commit e2051df6 authored by Douwe Maan's avatar Douwe Maan Committed by Oswaldo Ferreira
Browse files

Protect Gitlab::HTTP against DNS rebinding attack

Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
parent 36c7ae27
Loading
Loading
Loading