diff options
author | Rémy Coutable <remy@rymai.me> | 2016-04-07 08:27:37 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-04-07 08:27:37 +0000 |
commit | 2817c541375bcb5478bc2d922decb017efbe26a5 (patch) | |
tree | c926a1d72798c559c9a5ce784201d65b7cc28928 | |
parent | 7266972b52311e6796f68a9a17ecd3fe3db167ff (diff) | |
parent | 924e4b370013ae3a8448a2a68e6a4d353b23b699 (diff) | |
download | gitlab-ce-2817c541375bcb5478bc2d922decb017efbe26a5.tar.gz |
Merge branch 'return-303-for-branch-deletion' into 'master'
Return status code 303 after a branch DELETE operation to avoid project deletion
Closes #14994
See merge request !3583
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/projects/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/projects/branches_controller_spec.rb | 14 |
4 files changed, 19 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index 80fc2302b32..e9243463081 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.7.0 (unreleased) - All images in discussions and wikis now link to their source files !3464 (Connor Shea). + - Return status code 303 after a branch DELETE operation to avoid project deletion (Stan Hu) - Improved Markdown rendering performance !3389 (Yorick Peterse) - Don't attempt to look up an avatar in repo if repo directory does not exist (Stan Hu) - Preserve time notes/comments have been updated at when moving issue diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index 657ee94cfd7..74150ad606b 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -68,7 +68,9 @@ class Projects::ApplicationController < ApplicationController end def require_non_empty_project - redirect_to namespace_project_path(@project.namespace, @project) if @project.empty_repo? + # Be sure to return status code 303 to avoid a double DELETE: + # http://api.rubyonrails.org/classes/ActionController/Redirecting.html + redirect_to namespace_project_path(@project.namespace, @project), status: 303 if @project.empty_repo? end def require_branch_head diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index c0a53734921..d09e7375b67 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -48,7 +48,7 @@ class Projects::BranchesController < Projects::ApplicationController respond_to do |format| format.html do redirect_to namespace_project_branches_path(@project.namespace, - @project) + @project), status: 303 end format.js { render status: status[:return_code] } end diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb index 98ae424ed7c..8ad73472117 100644 --- a/spec/controllers/projects/branches_controller_spec.rb +++ b/spec/controllers/projects/branches_controller_spec.rb @@ -93,6 +93,20 @@ describe Projects::BranchesController do end end + describe "POST destroy with HTML format" do + render_views + + it 'returns 303' do + post :destroy, + format: :html, + id: 'foo/bar/baz', + namespace_id: project.namespace.to_param, + project_id: project.to_param + + expect(response.status).to eq(303) + end + end + describe "POST destroy" do render_views |