diff options
4 files changed, 0 insertions, 27 deletions
diff --git a/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml b/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml deleted file mode 100644 index 1869e6ea039..00000000000 --- a/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disable caching on repo/blobs/[sha]/raw endpoint -merge_request: -author: -type: security diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index df80fae97d6..9953d3138f5 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -6,8 +6,6 @@ module API class Repositories < Grape::API include PaginationParams - helpers ::API::Helpers::HeadersHelpers - before { authorize! :download_code, user_project } params do @@ -67,8 +65,6 @@ module API get ':id/repository/blobs/:sha/raw' do assign_blob_vars! - no_cache_headers - send_git_blob @repo, @blob end diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb index 58aa04c621f..cea08aa8767 100644 --- a/spec/requests/api/repositories_spec.rb +++ b/spec/requests/api/repositories_spec.rb @@ -177,12 +177,6 @@ describe API::Repositories do expect(headers['Content-Disposition']).to eq 'inline' end - it_behaves_like 'uncached response' do - before do - get api(route, current_user) - end - end - context 'when sha does not exist' do it_behaves_like '404 response' do let(:request) { get api(route.sub(sample_blob.oid, '123456'), current_user) } diff --git a/spec/support/shared_examples/uncached_response_shared_examples.rb b/spec/support/shared_examples/uncached_response_shared_examples.rb deleted file mode 100644 index 3997017ff35..00000000000 --- a/spec/support/shared_examples/uncached_response_shared_examples.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true -# -# Pairs with lib/gitlab/no_cache_headers.rb -# - -RSpec.shared_examples 'uncached response' do - it 'defines an uncached header response' do - expect(response.headers["Cache-Control"]).to include("no-store", "no-cache") - expect(response.headers["Pragma"]).to eq("no-cache") - expect(response.headers["Expires"]).to eq("Fri, 01 Jan 1990 00:00:00 GMT") - end -end |