request #21367 Disallow http:// URLs when adding a GitLab repository

Infos

Artifact ID#21367

Submitted byThomas Gerbet (tgerbet)

Last Modified On2021-05-19 11:15

Submitted on2021-05-18 16:11

Rank22964

Details

Summary *

Disallow http:// URLs when adding a GitLab repository

Original Submission

Tuleap instances are expected to be served under HTTPS which make not possible to do a request to an HTTP endpoint because browsers blocks active mixed content (or to be more specific in our situation with the CSP Tuleap uses, the browser will attempt to upgrade the URL to https://).

In any case it's not a good idea to try to reach the GitLab server over HTTP since the request will contain credential information.

CategorySCM/GitLab

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2021-05-19

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #21367

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/52/22752/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 8499ab6ae0

Benjamin Bouillot (ben.bouillot) , 2021-05-19 11:11

request #21367: Disallow http:// URLs when adding a GitLab repository 08d7a4f45c

Thomas Gerbet (tgerbet) , 2021-05-18 16:33

Show items referenced by request #21367

Referenced by request #21367

Artifact Tracker v5

rel #20930 12.9

Other

Follow-ups

Benjamin Bouillot (ben.bouillot)

2021-05-19 11:15

integrated into Tuleap 12.8.99.16

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #20930
Close date set to 2021-05-19

Thomas Gerbet (tgerbet)

2021-05-18 16:37

See gerrit #22752.

Status changed from Under implementation to Under review