Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/container_registry/client.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/container_registry/client.rb')
-rw-r--r--lib/container_registry/client.rb19
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
index add238350dd..4b2250d089d 100644
--- a/lib/container_registry/client.rb
+++ b/lib/container_registry/client.rb
@@ -10,6 +10,21 @@ module ContainerRegistry
REGISTRY_FEATURES_HEADER = 'gitlab-container-registry-features'
REGISTRY_TAG_DELETE_FEATURE = 'tag_delete'
+ ALLOWED_REDIRECT_SCHEMES = %w[http https].freeze
+ REDIRECT_OPTIONS = {
+ clear_authorization_header: true,
+ limit: 3,
+ cookies: [],
+ callback: -> (response_env, request_env) do
+ request_env.request_headers.delete(::FaradayMiddleware::FollowRedirects::AUTH_HEADER)
+
+ redirect_to = request_env.url
+ unless redirect_to.scheme.in?(ALLOWED_REDIRECT_SCHEMES)
+ raise ArgumentError, "Invalid scheme for #{redirect_to}"
+ end
+ end
+ }.freeze
+
def self.supports_tag_delete?
with_dummy_client(return_value_if_disabled: false) do |client|
client.supports_tag_delete?
@@ -136,6 +151,10 @@ module ContainerRegistry
def faraday_blob
@faraday_blob ||= faraday_base do |conn|
initialize_connection(conn, @options)
+
+ if Feature.enabled?(:container_registry_follow_redirects_middleware, default_enabled: :yaml)
+ conn.use ::FaradayMiddleware::FollowRedirects, REDIRECT_OPTIONS
+ end
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 02:10:22 +0300