Commit graph

10 commits

Author SHA1 Message Date
gfyoung
93a44e135b Add some frozen string to spec/**/*.rb
Adds frozen string to the following:

* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb

xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-04-15 10:17:05 +00:00
Stan Hu
4193e3d475 Bump fog-aws to 3.3.0 and associated dependencies
Fixes issue with AWS V4 signatures not working with Ceph S3:
https://github.com/fog/fog-aws/issues/462
2019-02-28 22:51:03 -08:00
Stan Hu
134420f2ef Fix Content-Disposition hard-coded to attachments
Due to a regression in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24919,
Content-Disposition is hard-coded to `attachment` instead of `inline`.
We now use the argument `disposition` to fix that problem.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57660
2019-02-13 11:09:52 -08:00
Stan Hu
41b51c0656 Encode Content-Disposition filenames
Users downloading non-ASCII attachments would see garbled characters.
When used with object storage, AWS S3 would return an InvalidArgument
error: Header value cannot be represented using ISO-8859-1.

Per RFC 5987 and RFC 6266, Content-Disposition should be encoded
properly. This commit takes the Rails 6 implementation of
ActiveSuppport::Http::ContentDisposition
(https://github.com/rails/rails/pull/33829) and ports it here.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47673
2019-02-04 23:12:44 -08:00
Stan Hu
e1079ee28f MIME type application/javascript -> application/ecmascript 2018-11-10 06:31:29 -08:00
Kamil Trzciński
5da2f42dc9 backport: Always proxy reports downloads
This makes to always proxy reports
2018-11-07 21:49:45 +01:00
Stan Hu
262b974123 Fix attachments not displaying inline with Google Cloud Storage
There were several issues:

1. With Google Cloud Storage, we can't override the Content-Type with
Response-Content-Type once it is set.  Setting the value to
`application/octet-stream` doesn't buy us anything. GCS defaults to
`application/octet-stream`, and AWS uses `binary/octet-stream`. Just remove
this `Content-Type` when we upload new files.

2. CarrierWave and fog-google need to support query parameters:
https://github.com/fog/fog-google/pull/409/files, https://github.com/carrierwaveuploader/carrierwave/pull/2332/files.
CarrierWave has been monkey-patched until an official release.

3. Workhorse also needs to remove the Content-Type header in the request
(ef80978ff8/internal/objectstore/object.go (L66)),
or we'll get a 403 error when uploading due to signed URLs not matching the headers.
Upgrading to Workhorse 6.1.0 for https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/297
will make Workhorse use the headers that are used by Rails.

Closes 
2018-09-05 17:01:54 -07:00
Stan Hu
0c43170630 Fix cross-origin errors when attempting to download JavaScript attachments
If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.

Closes 
2018-05-13 21:49:51 -07:00
Micaël Bergeron
44f37504fb Backport ee-40781-os-to-ce 2018-03-22 08:49:04 -04:00
Micaël Bergeron
fc6587f1f2 Add proxy_download to perform proxied sending of all files 2018-03-09 09:16:06 -05:00