diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-14 08:12:27 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-14 08:12:27 +0000 |
| commit | 3772445de3063dda5e5fb2f21b6debf14032cc92 (patch) | |
| tree | 8db2e49b644638f160392062221e6a0a56fcfd62 /lib | |
| parent | 28a9333b4b418ce3f96fcd0a530d76ac86e6c4ed (diff) | |
| download | gitlab-ce-3772445de3063dda5e5fb2f21b6debf14032cc92.tar.gz | |
Add latest changes from gitlab-org/gitlab@13-11-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/middleware/read_only/controller.rb | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb index b11ee0afc10..226ef2041b2 100644 --- a/lib/gitlab/middleware/read_only/controller.rb +++ b/lib/gitlab/middleware/read_only/controller.rb @@ -83,7 +83,15 @@ module Gitlab end def route_hash - @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {} + @route_hash ||= Rails.application.routes.recognize_path(request_url, { method: request.request_method }) rescue {} + end + + def request_url + request.url.chomp('/') + end + + def request_path + @request_path ||= request.path.chomp('/') end def relative_url @@ -100,7 +108,7 @@ module Gitlab def workhorse_passthrough_route? # Calling route_hash may be expensive. Only do it if we think there's a possible match return false unless request.post? && - request.path.end_with?('.git/git-upload-pack') + request_path.end_with?('.git/git-upload-pack') ALLOWLISTED_GIT_READ_ONLY_ROUTES[route_hash[:controller]]&.include?(route_hash[:action]) end @@ -120,14 +128,14 @@ module Gitlab # https://gitlab.com/gitlab-org/gitlab/blob/master/app/controllers/repositories/lfs_api_controller.rb#L106 def lfs_batch_route? # Calling route_hash may be expensive. Only do it if we think there's a possible match - return unless request.path.end_with?('/info/lfs/objects/batch') + return unless request_path.end_with?('/info/lfs/objects/batch') ALLOWLISTED_GIT_LFS_BATCH_ROUTES[route_hash[:controller]]&.include?(route_hash[:action]) end def session_route? # Calling route_hash may be expensive. Only do it if we think there's a possible match - return false unless request.post? && request.path.end_with?('/users/sign_out', + return false unless request.post? && request_path.end_with?('/users/sign_out', '/admin/session', '/admin/session/destroy') ALLOWLISTED_SESSION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action]) |