diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-03 21:06:11 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-03 21:06:11 +0300 |
commit | 25521def84a6987fe9d4265b560e930bfb32c195 (patch) | |
tree | 711e001ea65f76a9c2eb034c4531bda325af84f3 /lib/gitlab/middleware | |
parent | 9a1c5456747a7b5b218b8b44e4b43396bf7fd705 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/middleware')
-rw-r--r-- | lib/gitlab/middleware/read_only/controller.rb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb index 907e031a02e..b18f0eed1fa 100644 --- a/lib/gitlab/middleware/read_only/controller.rb +++ b/lib/gitlab/middleware/read_only/controller.rb @@ -20,6 +20,10 @@ module Gitlab 'projects/lfs_locks_api' => %w{verify create unlock} }.freeze + WHITELISTED_GIT_REVISION_ROUTES = { + 'projects/compare' => %w{create} + }.freeze + GRAPHQL_URL = '/api/graphql' def initialize(app, env) @@ -81,7 +85,7 @@ module Gitlab # Overridden in EE module def whitelisted_routes - grack_route? || internal_route? || lfs_route? || sidekiq_route? || graphql_query? + grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || graphql_query? end def grack_route? @@ -96,6 +100,13 @@ module Gitlab ReadOnly.internal_routes.any? { |path| request.path.include?(path) } end + def compare_git_revisions_route? + # Calling route_hash may be expensive. Only do it if we think there's a possible match + return false unless request.post? && request.path.end_with?('compare') + + WHITELISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action]) + end + def lfs_route? # Calling route_hash may be expensive. Only do it if we think there's a possible match unless request.path.end_with?('/info/lfs/objects/batch', |