author Stan Hu <stanhu@gmail.com> 2019-03-19 10:02:17 -0700
committer Stan Hu <stanhu@gmail.com> 2019-03-19 11:23:51 -0700
commit d165754400cd68f116babc1b0f50cf6109e85009 (patch)
tree 3f7b9a1d30d072a102657fa78b46b188f88d0fd1 /spec/controllers
parent 934253c9475a2f2d8a562bcc6bbb8a5f52efa713 (diff)
Reject HEAD requests to info/refs endpoint
In production, we see high error rates due to clients attempting to use the dumb Git HTTP protocol with HEAD /foo/bar.git/info/refs endpoint. This isn't supported and causes Error 500s because Workhorse doesn't send along its secret because it's not proxying this request.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54579
Diffstat (limited to 'spec/controllers')
-rw-r--r-- spec/controllers/projects/git_http_controller_spec.rb 15
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/controllers/projects/git_http_controller_spec.rb b/spec/controllers/projects/git_http_controller_spec.rb
new file mode 100644
index 00000000000..bf099e8deeb
--- /dev/null
+++ b/spec/controllers/projects/git_http_controller_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Projects::GitHttpController do
+ describe 'HEAD #info_refs' do
+ it 'returns 403' do
+ project = create(:project, :public, :repository)
+
+ head :info_refs, params: { namespace_id: project.namespace.to_param, project_id: project.path + '.git' }
+
+ expect(response.status).to eq(403)
+ end
+ end
+end
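Review bot: the single example under `describe 'HEAD #info_refs'` only exercises an unauthenticated request against a `:public` project, so it does not show that the rejection holds regardless of visibility. The controller change is not visible in this view (the diff is limited to spec/controllers), so it is not possible to tell from here whether the HEAD check runs before or after authentication. A second example with a private project would pin that down and confirm the request ends in a deliberate client error rather than the Error 500 the commit message describes. It would also help to add a GET counterpart for `:info_refs` in this new spec file, so a regression that rejects every method on the endpoint is caught. Minor style point: `project.path + '.git'` reads more cleanly as the interpolated string `"#{project.path}.git"`.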