| author | David <david.piegza@mailbox.org> | 2018-10-01 17:43:40 +0000 | 
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-10-01 17:43:40 +0000 | 
| commit | fea4efe42f03e983c1b4bcfcce2c7e8db82f7447 (patch) | |
| tree | 680d394857d33cab7b6f2556d551f244fdc931e2 | |
| parent | 2176477de86ec3580461807075c42da982c5f988 (diff) | |
| download | gitlab-ce-fea4efe42f03e983c1b4bcfcce2c7e8db82f7447.tar.gz | |
Add custom header for error responses
| -rw-r--r-- | app/controllers/application_controller.rb | 9 | ||||
| -rw-r--r-- | changelogs/unreleased/23197-add-custom-header-for-error-responses.yml | 6 | ||||
| -rw-r--r-- | spec/controllers/application_controller_spec.rb | 76 | 
3 files changed, 91 insertions, 0 deletions
| diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b87034d10b6..d7dbc712743 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -109,6 +109,15 @@ class ApplicationController < ActionController::Base
     request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
   end
+  def render(*args)
+    super.tap do
+      # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
+      if response.content_type == 'text/html' && (400..599).cover?(response.status)
+        response.headers['X-GitLab-Custom-Error'] = '1'
+      end
+    end
+  end
+
   protected
   def append_info_to_payload(payload)
diff --git a/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
new file mode 100644
index 00000000000..a5ffc197a0c
--- /dev/null
+++ b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
@@ -0,0 +1,6 @@
+---
+title: Set a header for custom error pages to prevent them from being intercepted
+  by gitlab-workhorse
+merge_request: 21870
+author: David Piegza
+type: fixed
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 7202cee04ea..2b28cfd16cc 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
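Review bot: The condition in the added `render` override in app/controllers/application_controller.rb is wider than its comment says: it sets `X-GitLab-Custom-Error` on every `text/html` response with a 4xx/5xx status that goes through `render`, not only on the templates under `errors/`. Going by the comment, that header stops gitlab-workhorse from replacing the body, so whatever HTML Rails rendered for a 500 is then delivered to the client as-is. It is worth confirming that no view rendered with an error status includes exception or configuration details, and stating the real scope in the comment, e.g. `# Applies to any text/html render with a 4xx/5xx status; the rendered body is served as-is`. The exact comparison `response.content_type == 'text/html'` would presumably stop matching if the value ever carried a charset parameter; that fails towards interception, so it is a functional risk rather than an exposure. The enclosing class continues outside the hunk.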
@@ -728,4 +728,80 @@ describe ApplicationController do
       end
     end
   end
+
+  context 'X-GitLab-Custom-Error header' do
+    before do
+      sign_in user
+    end
+
+    context 'given a 422 error page' do
+      controller do
+        def index
+          render 'errors/omniauth_error', layout: 'errors', status: 422
+        end
+      end
+
+      it 'sets a custom header' do
+        get :index
+
+        expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+      end
+    end
+
+    context 'given a 500 error page' do
+      controller do
+        def index
+          render 'errors/omniauth_error', layout: 'errors', status: 500
+        end
+      end
+
+      it 'sets a custom header' do
+        get :index
+
+        expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+      end
+    end
+
+    context 'given a 200 success page' do
+      controller do
+        def index
+          render 'errors/omniauth_error', layout: 'errors', status: 200
+        end
+      end
+
+      it 'does not set a custom header' do
+        get :index
+
+        expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+      end
+    end
+
+    context 'given a json response' do
+      controller do
+        def index
+          render json: {}, status: :unprocessable_entity
+        end
+      end
+
+      it 'does not set a custom header' do
+        get :index, format: :json
+
+        expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+      end
+    end
+
+    context 'given a json response for an html request' do
+      controller do
+        def index
+          render json: {}, status: :unprocessable_entity
+        end
+      end
+
+      it 'does not set a custom header' do
+        get :index
+
+        expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+      end
+    end
+  end
 end |
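Review bot: The new contexts do not pin the edges of the `(400..599)` range: the only HTML renders exercised are 422, 500 and 200. A case at the lower bound, or the far more common 404, plus one for a status just below the range would catch an off-by-one in the condition, e.g. `render 'errors/omniauth_error', layout: 'errors', status: 404` expecting the header to eq '1'. The five `controller do` blocks differ only in status and format, so a small loop over status/expectation pairs would keep the section shorter. The `describe ApplicationController` block starts outside the hunk.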
