[378267] Skip DNS rebinding checks if HTTP_PROXY present
What does this MR do and why?
Implementation for skipping DNS rebinding protection when the HTTP_PROXY environment variable is set.
Screenshots or screen recordings
- Local test before fix.
- Local test after fix.
How to set up and validate locally
- Set up a forward proxy locally. I used the nginx Docker image for that purpose and set it up on port 8888.
- Change the api_endpoint and web_endpoint methods in lib/gitlab/github_import/client.rb to http://api.github.com and http://github.com. Or you could probably change the GitHub OmniAuth site value to an http (not https) endpoint if your proxy doesn't support https, like mine.
- Turn off your/proxy internet connection. It's the simplest way to make the host resolution process fail.
My nginx proxy config
server {
    listen 8888;
    location / {
        resolver 8.8.8.8;
        proxy_pass https://$http_host$uri$is_args$args;
        proxy_pass_request_headers on;
        proxy_pass_request_body on;
        proxy_read_timeout 2s;
    }
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
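
The behaviour this MR describes, sketched as an added example that is not taken from the MR or from GitLab's code: a URL validator that pins the resolved address for DNS rebinding protection, and skips local resolution when HTTP_PROXY is set. The names `validate_url`, `proxy_configured?`, `BlockedUrlError`, the injected `resolver` and the blocked-range list are assumptions made for illustration.

```ruby
require 'uri'
require 'ipaddr'

# Added illustration with hypothetical names; not GitLab's implementation.
class BlockedUrlError < StandardError; end

# Internal ranges a server-side request should not reach (constructed list).
BLOCKED_RANGES = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                    169.254.0.0/16 ::1/128 fc00::/7 fe80::/10].map { |r| IPAddr.new(r) }

def proxy_configured?(env)
  %w[HTTP_PROXY http_proxy].any? { |key| !env[key].to_s.empty? }
end

# resolver: callable taking a hostname and returning IP strings. It is injected
# so the example runs offline; a real caller would wrap Addrinfo.getaddrinfo.
# Returns [uri_to_connect_to, original_hostname_for_Host_header_or_nil].
def validate_url(url, env:, resolver:)
  uri = URI.parse(url)
  raise BlockedUrlError, 'only http and https are allowed' unless %w[http https].include?(uri.scheme)

  # Behind a forward proxy the proxy does the lookup, so there is no local
  # answer to pin and a failed local lookup must not reject the URL.
  # The destination IP is then unchecked here: filter egress on the proxy.
  return [uri, nil] if proxy_configured?(env)

  addresses = begin
    resolver.call(uri.hostname)
  rescue StandardError
    []
  end
  raise BlockedUrlError, 'host cannot be resolved' if addresses.empty?

  addresses.each do |addr|
    ip = IPAddr.new(addr)
    raise BlockedUrlError, "#{addr} is in a blocked range" if BLOCKED_RANGES.any? { |r| r.include?(ip) }
  end

  # Rebinding protection: connect to the address that was just validated,
  # so a second lookup cannot return a different (internal) address.
  pinned = uri.dup
  pinned.hostname = addresses.first
  [pinned, uri.hostname]
end
```

With the connection turned off as in the validation steps above, the resolver fails: without a proxy the URL is rejected, and with HTTP_PROXY set it is passed through unresolved.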