Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
C
Core
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 914
    • Issues 914
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
  • Development
  • Core
  • Issues
  • #855

Closed
Open
Opened Apr 06, 2019 by totten@tottenOwner

Dashboard shows inappropriate warnings about automatic HTTP security diagnostic

Steps to reproduce:

  • Install dmaster with recent version (e.g. 5.13.alpha1). (Or, if you already have one, then make sure to log out of it.)
  • Clear caches (e.g. cv flush)
  • Login
  • Observe the dashboard:

Screen_Shot_2019-04-06_at_10.49.39_AM

I did a git bisect and traced this to 4094935a, which changes the technique for detecting HTTP security issues (i.e. get_headers() replaced with similar Guzzle calls). Apparently, Guzzle is more noisy, which sounds generally good... except in this case, HTTP errors are expected and desired - and should not be reported.

Environment: bknix-dfl

Edited Apr 06, 2019 by totten
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
5.12.0
Milestone
5.12.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: dev/core#855