-rw-r--r-- | app/controllers/application_controller.rb | 9 | ||||
-rw-r--r-- | changelogs/unreleased/23197-add-custom-header-for-error-responses.yml | 6 | ||||
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 76 |
3 files changed, 91 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b87034d10b6..d7dbc712743 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -109,6 +109,15 @@ class ApplicationController < ActionController::Base
 request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
 end
+ def render(*args)
+ super.tap do
+ # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
+ if response.content_type == 'text/html' && (400..599).cover?(response.status)
+ response.headers['X-GitLab-Custom-Error'] = '1'
+ end
+ end
+ end
+
 protected
 def append_info_to_payload(payload)
diff --git a/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
new file mode 100644
index 00000000000..a5ffc197a0c
--- /dev/null
+++ b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
@@ -0,0 +1,6 @@
+---
+title: Set a header for custom error pages to prevent them from being intercepted
+ by gitlab-workhorse
+merge_request: 21870
+author: David Piegza
+type: fixed
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 7202cee04ea..2b28cfd16cc 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
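Review bot: The `response.content_type == 'text/html'` test in `ApplicationController#render` is an exact string match, so it only holds while `content_type` returns the bare MIME type. If it returns the full header value (for example with a `; charset=utf-8` suffix), the header is silently never set and workhorse would presumably resume intercepting these pages. A prefix match such as `response.content_type.to_s.start_with?('text/html')` accepts both forms and a nil content type. The condition also exempts every HTML 4xx/5xx rendered through `render` in any controller from interception, so the comment should record that, e.g. `# NOTE: every HTML error rendered here reaches the client as-is; keep error templates free of internal detail`.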
@@ -728,4 +728,80 @@ describe ApplicationController do
 end
 end
 end
+
+ context 'X-GitLab-Custom-Error header' do
+ before do
+ sign_in user
+ end
+
+ context 'given a 422 error page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 422
+ end
+ end
+
+ it 'sets a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+ end
+ end
+
+ context 'given a 500 error page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 500
+ end
+ end
+
+ it 'sets a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to eq '1'
+ end
+ end
+
+ context 'given a 200 success page' do
+ controller do
+ def index
+ render 'errors/omniauth_error', layout: 'errors', status: 200
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+
+ context 'given a json response' do
+ controller do
+ def index
+ render json: {}, status: :unprocessable_entity
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index, format: :json
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+
+ context 'given a json response for an html request' do
+ controller do
+ def index
+ render json: {}, status: :unprocessable_entity
+ end
+ end
+
+ it 'does not set a custom header' do
+ get :index
+
+ expect(response.headers['X-GitLab-Custom-Error']).to be_nil
+ end
+ end
+ end
 end |
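Review bot: The new contexts cover 422, 500 and 200 but never the edges of the `400..599` range, so an off-by-one in the range or a header leaking onto a 3xx response would pass unnoticed. A 404 case expecting `eq '1'` and a 3xx HTML case expecting `be_nil` would pin the boundary. There is also no HTML error rendered with a charset-qualified or non-HTML text type such as `text/plain`, so the content-type half of the condition is only tested against JSON. The three HTML contexts differ only in status and expectation and could share one parameterised example. The enclosing `describe` block starts outside the hunk.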