Diffstat (limited to 'app/controllers/projects/blob_controller.rb')
-rw-r--r-- | app/controllers/projects/blob_controller.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 4eda76f4f21..59cea00e26b 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -239,6 +239,8 @@ class Projects::BlobController < Projects::ApplicationController
 @last_commit = @repository.last_commit_for_path(@commit.id, @blob.path, literal_pathspec: true)
 @code_navigation_path = Gitlab::CodeNavigationPath.new(@project, @blob.commit_id).full_json_path_for(@blob.path)
+ allow_lfs_direct_download
+
 render 'show'
 end
@@ -282,6 +284,30 @@ class Projects::BlobController < Projects::ApplicationController
 def visitor_id
 current_user&.id
 end
+
+ def allow_lfs_direct_download
+ return unless directly_downloading_lfs_object? && content_security_policy_enabled?
+ return unless (lfs_object = @project.lfs_objects.find_by_oid(@blob.lfs_oid))
+
+ request.content_security_policy.directives['connect-src'] ||= []
+ request.content_security_policy.directives['connect-src'] << lfs_src(lfs_object)
+ end
+
+ def directly_downloading_lfs_object?
+ Gitlab.config.lfs.enabled &&
+ !Gitlab.config.lfs.object_store.proxy_download &&
+ @blob&.stored_externally?
+ end
+
+ def content_security_policy_enabled?
+ Gitlab.config.gitlab.content_security_policy.enabled
+ end
+
+ def lfs_src(lfs_object)
+ file = lfs_object.file
+ file = file.cdn_enabled_url(request.remote_ip) if file.respond_to?(:cdn_enabled_url)
+ file.url
+ end
 end
 Projects::BlobController.prepend_mod |
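Review bot: `lfs_src` returns the complete `file.url` and `allow_lfs_direct_download` appends it unchanged to `connect-src`; if the object store hands back a pre-signed URL (not visible in this hunk), the signature and any `;` or `,` in the query end up inside the Content-Security-Policy header, where a query is not part of a valid source expression and a stray separator can split the directive. Reducing the value to its origin before appending would avoid both, e.g. `uri = URI.parse(file.url)` followed by `"#{uri.scheme}://#{uri.host}:#{uri.port}"`. Separately, `directives['connect-src'] ||= []` creates a `connect-src` holding only the LFS source when none was configured, which stops `default-src` from applying to fetch/XHR; seeding it with `Array(directives['default-src']).dup` would keep the existing allowances. The new helpers follow `visitor_id`, and whether a `private` marker covers them is outside the hunk.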