Skip to content

origin_save: Reject save request when origin URL contains a password

Antoine Lambert requested to merge generated-differential-D7843-source into generated-differential-D7843-target

For obvious security reasons, do not accept a Save Code Now request for an origin URL containing a password in it as the list of submitted requests are publicly browsable from the Web UI.

Nevertheless accept origin URLs with anonymous credentials (CVS ones for instance).

Related to #4240 (closed)

Migrated from D7843 (view on Phabricator)

Merge request reports