summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/initializers/workhorse_multipart.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/workhorse_multipart.rb b/config/initializers/workhorse_multipart.rb
index 8de7140e3d4..84d809741c4 100644
--- a/config/initializers/workhorse_multipart.rb
+++ b/config/initializers/workhorse_multipart.rb
@@ -2,6 +2,12 @@ Rails.application.configure do |config|
config.middleware.use(Gitlab::Middleware::Multipart)
end
+# The Gitlab::Middleware::Multipart middleware inserts instances of our
+# own ::UploadedFile class in the Rack env of requests. These instances
+# will be blocked by the 'strong parameters' feature of ActionController
+# unless we somehow whitelist them. At the moment it seems the only way
+# to do that is by monkey-patching.
+#
module Gitlab
module StrongParameterScalars
GITLAB_PERMITTED_SCALAR_TYPES = [::UploadedFile]