GitLab: CSRF-Token leak by request forgery
Hi, I found the following issue in my own GitLab installation. This is a request forgery that reveals the Rails authenticity_token remotely, which in turn allows mounting state-changing CSRF attacks.

Vulnerability

The web app code relies on location.pathname in a number of places to create new...