summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid <david.piegza@mailbox.org>2018-10-01 17:43:40 +0000
committerStan Hu <stanhu@gmail.com>2018-10-01 17:43:40 +0000
commitfea4efe42f03e983c1b4bcfcce2c7e8db82f7447 (patch)
tree680d394857d33cab7b6f2556d551f244fdc931e2
parent2176477de86ec3580461807075c42da982c5f988 (diff)
downloadgitlab-ce-fea4efe42f03e983c1b4bcfcce2c7e8db82f7447.tar.gz
Add custom header for error responses
-rw-r--r--app/controllers/application_controller.rb9
-rw-r--r--changelogs/unreleased/23197-add-custom-header-for-error-responses.yml6
-rw-r--r--spec/controllers/application_controller_spec.rb76
3 files changed, 91 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b87034d10b6..d7dbc712743 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -109,6 +109,15 @@ class ApplicationController < ActionController::Base
request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
end
+ def render(*args)
+ super.tap do
+ # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
+ if response.content_type == 'text/html' && (400..599).cover?(response.status)
+ response.headers['X-GitLab-Custom-Error'] = '1'
+ end
+ end
+ end
+
protected
def append_info_to_payload(payload)
diff --git a/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
new file mode 100644
index 00000000000..a5ffc197a0c
--- /dev/null
+++ b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
@@ -0,0 +1,6 @@
+---
+title: Set a header for custom error pages to prevent them from being intercepted
+ by gitlab-workhorse
+merge_request: 21870
+author: David Piegza
+type: fixed
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 7202cee04ea..2b28cfd16cc 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -728,4 +728,80 @@ describe ApplicationController do
end
end
end
+
+ context 'X-GitLab-Custom-Error header' do
+ before do
+ sign_in user
+ end
+
+ context 'given a 422 error page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 422
+ end
+ end
+
+ it 'sets a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+ end
+ end
+
+ context 'given a 500 error page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 500
+ end
+ end
+
+ it 'sets a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+ end
+ end
+
+ context 'given a 200 success page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 200
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+
+ context 'given a json response' do
+ controller do
+ def index
+ render json: {}, status: :unprocessable_entity
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index, format: :json
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+
+ context 'given a json response for an html request' do
+ controller do
+ def index
+ render json: {}, status: :unprocessable_entity
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+ end
end