Comments (12)
@linucksrox You may want to take a look at this document.
To prevent this type of exploitation from happening, starting with GitLab 10.6, all Webhook requests to the current GitLab instance server address and/or in a private network are forbidden by default. That means that all requests made to 127.0.0.1, ::1 and 0.0.0.0, as well as IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 site-local (ffc0::/10) addresses aren't allowed.
If it's the case for you, you can solve this problem by changing this behavior on GitLab Settings.
from bytebase.
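As an added example (not Bytebase or GitLab code, and not part of any comment in this thread), this sketch shows how a backend could attach a targeted hint to the 422 error when the webhook URL points at one of the addresses listed in the documentation quoted above. The names `blockedRange` and `webhookHint` are hypothetical, the sample URLs are constructed, and hostnames are not resolved.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// Addresses and ranges listed in the GitLab documentation quoted above.
var blockedByDefault = []string{"127.0.0.1/32", "::1/128", "0.0.0.0/32",
	"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "ffc0::/10"}

// blockedRange reports which listed range a literal IP host falls in.
// Hostnames return ok=false because no DNS lookup is done here.
func blockedRange(host string) (string, bool) {
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return "", false
	}
	addr = addr.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	for _, p := range blockedByDefault {
		if netip.MustParsePrefix(p).Contains(addr) {
			return p, true
		}
	}
	return "", false
}

// webhookHint (hypothetical helper) builds extra text for the error prompt.
func webhookHint(status int, webhookURL string) string {
	u, err := url.Parse(webhookURL)
	if status != 422 || err != nil {
		return ""
	}
	if r, ok := blockedRange(u.Hostname()); ok {
		return fmt.Sprintf("webhook host %s is in %s, which GitLab blocks by default", u.Hostname(), r)
	}
	if _, err := netip.ParseAddr(u.Hostname()); err != nil {
		return "if this hostname resolves to a local or private address, GitLab blocks it by default"
	}
	return ""
}

func main() {
	// Constructed sample webhook URLs.
	for _, u := range []string{"http://192.168.1.20:8080/hook/abc", "https://bytebase.example.internal/hook/abc", "https://203.0.113.7/hook/abc"} {
		fmt.Printf("%s -> %q\n", u, webhookHint(422, u))
	}
}
```
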
Reopen this as we should also mention this directly in the product. Having Bytebase and GitLab in the same private network is a very likely setup.
from bytebase.
Yes, I think the error message should mention this. I can help with this.
from bytebase.
I have something different in mind. We should avoid overburdening users with information in the happy-path UI; instead, we can show the tips in the error prompt when we know it's most useful to the user.
SGTM. BTW, if you also want to improve the backend error message. The code is around here https://github.com/bytebase/bytebase/blob/main/server/project.go#L191-L192
:) I know, already testing the change in my environment. The frontend environment seems to be broken, PTAL at #109
from bytebase.
@tianzhou Please assign this issue to me to avoid duplicate work on it.
from bytebase.
Thanks for the report, we will take a look and follow up soon.
from bytebase.
Unable to reproduce for now.
@linucksrox could you please provide your GitLab version?
Also could you please paste the message on the console after supplying the --debug option on startup https://docs.bytebase.com/reference/command-line#debug
from bytebase.
I tried again after enabling debug mode, and the output was this:
bytebase_bytebase.1.taax3az06lfg@docker181 | {"time":"2021-12-03T14:11:42Z","method":"POST","uri":"/api/project/101/repository","status":500,"error":"code=500, message=Failed to create webhook for project ID: 101, status code: 422"}
Thank you for pointing me in the right direction with the GitLab webhook settings! I was able to get it working by checking "Allow requests to the local network from web hooks and services." and also adding the bytebase domain name in the allow list.
from bytebase.
Thanks @suzaku for pointing out the right direction. Add this to the troubleshoot guide https://docs.bytebase.com/use-bytebase/vcs-integration/troubleshoot#failed-to-create-webhook-xxx-status-code-422-for-gitlab
from bytebase.
@suzaku I am also thinking of including a note around here https://github.com/bytebase/bytebase/blob/main/frontend/src/components/RepositorySetupWizard.vue#L4
This message stays on the top during the entire VCS setup process.
from bytebase.
I have something different in mind.
We should avoid overburdening users with information in the happy-path UI; instead, we can show the tips in the error prompt when we know it's most useful to the user.
from bytebase.