Merge branch 'monkey-patch-comment' into 'master'

Explain why we have this monkey-patch See merge request !8329
author: Rémy Coutable <remy@rymai.me> 2017-01-05 11:14:01 +0000
committer: Rémy Coutable <remy@rymai.me> 2017-01-05 11:14:01 +0000
commit: 91e560124b241972f3ffe6b682f1501a9c209d4e (patch)
tree: 294cad39db7869142d2f36729598a92544f9091b /config
parent: b1cd9add2385b381b54af9259e49d8a39e110e0b (diff)
parent: e55494d3805963257390d7ec186efd84d9521894 (diff)
download: gitlab-ce-91e560124b241972f3ffe6b682f1501a9c209d4e.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/workhorse_multipart.rb b/config/initializers/workhorse_multipart.rb
index 8de7140e3d4..84d809741c4 100644
--- a/config/initializers/workhorse_multipart.rb
+++ b/config/initializers/workhorse_multipart.rb
@@ -2,6 +2,12 @@ Rails.application.configure do |config|
   config.middleware.use(Gitlab::Middleware::Multipart)
 end
 
+# The Gitlab::Middleware::Multipart middleware inserts instances of our
+# own ::UploadedFile class in the Rack env of requests. These instances
+# will be blocked by the 'strong parameters' feature of ActionController
+# unless we somehow whitelist them. At the moment it seems the only way
+# to do that is by monkey-patching.
+#
 module Gitlab
   module StrongParameterScalars
     GITLAB_PERMITTED_SCALAR_TYPES = [::UploadedFile]
author	Rémy Coutable <remy@rymai.me>	2017-01-05 11:14:01 +0000
committer	Rémy Coutable <remy@rymai.me>	2017-01-05 11:14:01 +0000
commit	91e560124b241972f3ffe6b682f1501a9c209d4e (patch)
tree	294cad39db7869142d2f36729598a92544f9091b /config
parent	b1cd9add2385b381b54af9259e49d8a39e110e0b (diff)
parent	e55494d3805963257390d7ec186efd84d9521894 (diff)
download	gitlab-ce-91e560124b241972f3ffe6b682f1501a9c209d4e.tar.gz