Merge pull request #2543 from netfighter/feature/18440-disallow-changing-values-of-hidden-admin-menus
Meets #18440: [Multitenancy][Hide admin menu] Disallow changing values of hidden admin menuspull/2558/merge
commit
ea1a99c0db
@ -0,0 +1,12 @@ |
||||
if OpenProject::Configuration.blacklisted_routes.any? |
||||
# Block logins from a bad user agent |
||||
Rack::Attack.blacklist('block forbidden routes') do |req| |
||||
regex = OpenProject::Configuration.blacklisted_routes.map! { |str| Regexp.new(str) } |
||||
regex.any? { |i| i =~ req.path } |
||||
end |
||||
|
||||
Rack::Attack.blacklisted_response = lambda do |_env| |
||||
# All blacklisted routes would return a 404. |
||||
[404, {}, ['Not found']] |
||||
end |
||||
end |
Loading…
Reference in new issue