Explain why there is a monkey-patch

author: Jacob Vosmaer <jacob@gitlab.com> 2016-12-27 18:12:37 +0100
committer: Jacob Vosmaer <jacob@gitlab.com> 2016-12-27 18:15:29 +0100
commit: e55494d3805963257390d7ec186efd84d9521894 (patch)
tree: 2df56aad04488ed38a110feea9447360724d8486 /config
parent: f264ec6ee74a0263b4e5212e921c4638c25f8fcd (diff)
download: gitlab-ce-e55494d3805963257390d7ec186efd84d9521894.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/workhorse_multipart.rb b/config/initializers/workhorse_multipart.rb
index 8de7140e3d4..84d809741c4 100644
--- a/config/initializers/workhorse_multipart.rb
+++ b/config/initializers/workhorse_multipart.rb
@@ -2,6 +2,12 @@ Rails.application.configure do |config|
   config.middleware.use(Gitlab::Middleware::Multipart)
 end
 
+# The Gitlab::Middleware::Multipart middleware inserts instances of our
+# own ::UploadedFile class in the Rack env of requests. These instances
+# will be blocked by the 'strong parameters' feature of ActionController
+# unless we somehow whitelist them. At the moment it seems the only way
+# to do that is by monkey-patching.
+#
 module Gitlab
   module StrongParameterScalars
     GITLAB_PERMITTED_SCALAR_TYPES = [::UploadedFile]
author	Jacob Vosmaer <jacob@gitlab.com>	2016-12-27 18:12:37 +0100
committer	Jacob Vosmaer <jacob@gitlab.com>	2016-12-27 18:15:29 +0100
commit	e55494d3805963257390d7ec186efd84d9521894 (patch)
tree	2df56aad04488ed38a110feea9447360724d8486 /config
parent	f264ec6ee74a0263b4e5212e921c4638c25f8fcd (diff)
download	gitlab-ce-e55494d3805963257390d7ec186efd84d9521894.tar.gz