Allow not resolvable urls when dns rebinding setting is disabled
What does this MR do?
In the UrlBlocker
class, when the url is not resolvable, we raise an exception. This was added in order to mitigate the bypass of the fix to prevent DNS rebinding attacks.
Nevertheless, there are scenarios in which the url is valid but, at the moment of the checking, is still not resolvable. This url should be allowed in case the DNS rebinding protection setting is disabled.
Refs https://gitlab.com/gitlab-org/gitlab-ce/issues/66723
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry for user-facing changes, or community contribution. Check the link for other scenarios. -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Edited by Francisco Javier López