From d2f56d1cbc7ef985c2565ccc899a1a4f3c07e524 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 28 Sep 2017 23:20:08 +0200
Subject: [PATCH] Change max redirects followed to 2 (#5136)

I see no reason to allow more than that. Usually a redirect is
HTTP->HTTPS, then maybe URL structure changed, but more than that
is highly unlikely to be a legitimate use case.
---
 app/lib/request.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/lib/request.rb b/app/lib/request.rb
index b083edaf77..61311df6e4 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -85,6 +85,6 @@ class Request
   end
 
   def http_client
-    HTTP.timeout(:per_operation, timeout).follow
+    HTTP.timeout(:per_operation, timeout).follow(max_hops: 2)
   end
 end
-- 
GitLab