Skip to content

origin_save: Reject save request when origin URL contains a password

For obvious security reasons, do not accept a Save Code Now request for an origin URL containing a password in it as the list of submitted requests are publicly browsable from the Web UI.

Nevertheless accept origin URLs with anonymous credentials (CVS ones for instance).

Related to #4240 (closed)


Migrated from D7843 (view on Phabricator)

Merge request reports