diff options
author | Stan Hu <stanhu@gmail.com> | 2018-08-13 15:36:15 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-08-16 15:52:08 -0700 |
commit | 81cd6fee7097b5ce082cda079b02995b838f9485 (patch) | |
tree | db361cfef9302dd07185a55f1d87c2e871f78596 | |
parent | 3a8e1fe9372dca597fee8f69a0ffc9c9780e1cbe (diff) | |
download | gitlab-ce-sh-fix-attachments-inline.tar.gz |
Fix attachments not displaying inline with Google Cloud Storagesh-fix-attachments-inline
There were several issues:
1. With Google Cloud Storage, we can't override the Content-Type with
Response-Content-Type once it is set. Setting the value to
`application/octet-stream` doesn't buy us anything.
2. CarrierWave and fog-google need to support query parameters:
https://github.com/fog/fog-google/pull/409/files, https://github.com/carrierwaveuploader/carrierwave/pull/2332/files
3. Workhorse also needs to remove the Content-Type header in the request
(https://gitlab.com/gitlab-org/gitlab-workhorse/blob/ef80978ff89e628c8eeb66556720e30587d3deb6/internal/objectstore/object.go#L66),
or we'll get a 403 error when uploading due to signed URLs not matching the headers:
https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/294
Closes #49957
-rw-r--r-- | app/controllers/concerns/send_file_upload.rb | 12 | ||||
-rw-r--r-- | changelogs/unreleased/sh-fix-attachments-inline.yml | 5 | ||||
-rw-r--r-- | config/initializers/fog_google_https_private_urls.rb | 4 | ||||
-rw-r--r-- | lib/object_storage/direct_upload.rb | 5 |
4 files changed, 21 insertions, 5 deletions
diff --git a/app/controllers/concerns/send_file_upload.rb b/app/controllers/concerns/send_file_upload.rb index 237c93daee8..8d98eea3c5d 100644 --- a/app/controllers/concerns/send_file_upload.rb +++ b/app/controllers/concerns/send_file_upload.rb @@ -1,7 +1,9 @@ module SendFileUpload def send_upload(file_upload, send_params: {}, redirect_params: {}, attachment: nil, disposition: 'attachment') if attachment - redirect_params[:query] = { "response-content-disposition" => "#{disposition};filename=#{attachment.inspect}" } + # Response-Content-Type will not override an existing Content-Type in Google Cloud Storage + redirect_params[:query] = { "response-content-disposition" => "#{disposition};filename=#{attachment.inspect}", + "response-content-type" => guess_content_type(attachment) } # By default, Rails will send uploads with an extension of .js with a # content-type of text/javascript, which will trigger Rails' # cross-origin JavaScript protection. @@ -18,4 +20,12 @@ module SendFileUpload redirect_to file_upload.url(**redirect_params) end end + + def guess_content_type(filename) + mime_type = MIME::Types.type_for(filename) + + return "application/octet-stream" unless mime_type + + mime_type.first.content_type + end end diff --git a/changelogs/unreleased/sh-fix-attachments-inline.yml b/changelogs/unreleased/sh-fix-attachments-inline.yml new file mode 100644 index 00000000000..2926edca97a --- /dev/null +++ b/changelogs/unreleased/sh-fix-attachments-inline.yml @@ -0,0 +1,5 @@ +--- +title: Fix attachments not displaying inline with Google Cloud Storage +merge_request: 21265 +author: +type: fixed diff --git a/config/initializers/fog_google_https_private_urls.rb b/config/initializers/fog_google_https_private_urls.rb index f92e623a5d2..682b1050c68 100644 --- a/config/initializers/fog_google_https_private_urls.rb +++ b/config/initializers/fog_google_https_private_urls.rb @@ -7,9 +7,9 @@ module Fog class GoogleXML class File < Fog::Model module MonkeyPatch - def url(expires) + def url(expires, options = {}) requires :key - collection.get_https_url(key, expires) + collection.get_https_url(key, expires, options) end end diff --git a/lib/object_storage/direct_upload.rb b/lib/object_storage/direct_upload.rb index 61a69e7ffe4..99f6ded7638 100644 --- a/lib/object_storage/direct_upload.rb +++ b/lib/object_storage/direct_upload.rb @@ -62,7 +62,7 @@ module ObjectStorage # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html def get_url - connection.get_object_url(bucket_name, object_name, expire_at) + connection.get_object_https_url(bucket_name, object_name, expire_at) end # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html @@ -156,7 +156,8 @@ module ObjectStorage end def upload_options - { 'Content-Type' => 'application/octet-stream' } + # Any headers also have to be reflected in object.go in Workhorse as well + {} end def connection |