Commit 9672e1fe authored by Ahmad Sherif's avatar Ahmad Sherif

Remove Set-Cookie header from archive and raw blob responses

CDNs don't cache responses with Set-Cookie header as they assume they
contain some sort of state or user-specific data, which is not the case for
raw blobs and repository archives.

This change allows GitLab installations that sit behind a CDN to benefit from its
caching feature seamlessly.

Related to https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
and https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/4
parent d7194f8c
...@@ -160,6 +160,10 @@ func handleArchiveWithGitaly(r *http.Request, params archiveParams, format gital ...@@ -160,6 +160,10 @@ func handleArchiveWithGitaly(r *http.Request, params archiveParams, format gital
func setArchiveHeaders(w http.ResponseWriter, format gitalypb.GetArchiveRequest_Format, archiveFilename string) { func setArchiveHeaders(w http.ResponseWriter, format gitalypb.GetArchiveRequest_Format, archiveFilename string) {
w.Header().Del("Content-Length") w.Header().Del("Content-Length")
w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, archiveFilename)) w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, archiveFilename))
// Caching proxies usually don't cache responses with Set-Cookie header
// present because it implies user-specific data, which is not the case
// for repository archives.
w.Header().Del("Set-Cookie")
if format == gitalypb.GetArchiveRequest_ZIP { if format == gitalypb.GetArchiveRequest_ZIP {
w.Header().Set("Content-Type", "application/zip") w.Header().Set("Content-Type", "application/zip")
} else { } else {
......
...@@ -68,6 +68,9 @@ func TestSetArchiveHeaders(t *testing.T) { ...@@ -68,6 +68,9 @@ func TestSetArchiveHeaders(t *testing.T) {
w.Header().Set("Content-Length", "test") w.Header().Set("Content-Length", "test")
w.Header().Set("Content-Disposition", "test") w.Header().Set("Content-Disposition", "test")
// This should be deleted
w.Header().Set("Set-Cookie", "test")
// This should be preserved // This should be preserved
w.Header().Set("Cache-Control", "public, max-age=3600") w.Header().Set("Cache-Control", "public, max-age=3600")
...@@ -77,5 +80,6 @@ func TestSetArchiveHeaders(t *testing.T) { ...@@ -77,5 +80,6 @@ func TestSetArchiveHeaders(t *testing.T) {
testhelper.AssertResponseWriterHeader(t, w, "Content-Length") testhelper.AssertResponseWriterHeader(t, w, "Content-Length")
testhelper.AssertResponseWriterHeader(t, w, "Content-Disposition", `attachment; filename="filename"`) testhelper.AssertResponseWriterHeader(t, w, "Content-Disposition", `attachment; filename="filename"`)
testhelper.AssertResponseWriterHeader(t, w, "Cache-Control", "public, max-age=3600") testhelper.AssertResponseWriterHeader(t, w, "Cache-Control", "public, max-age=3600")
testhelper.AssertAbsentResponseWriterHeader(t, w, "Set-Cookie")
} }
} }
...@@ -32,8 +32,16 @@ func (b *blob) Inject(w http.ResponseWriter, r *http.Request, sendData string) { ...@@ -32,8 +32,16 @@ func (b *blob) Inject(w http.ResponseWriter, r *http.Request, sendData string) {
return return
} }
setBlobHeaders(w)
if err := blobClient.SendBlob(ctx, w, &params.GetBlobRequest); err != nil { if err := blobClient.SendBlob(ctx, w, &params.GetBlobRequest); err != nil {
helper.Fail500(w, r, fmt.Errorf("blob.GetBlob: %v", err)) helper.Fail500(w, r, fmt.Errorf("blob.GetBlob: %v", err))
return return
} }
} }
func setBlobHeaders(w http.ResponseWriter) {
// Caching proxies usually don't cache responses with Set-Cookie header
// present because it implies user-specific data, which is not the case
// for blobs.
w.Header().Del("Set-Cookie")
}
package git
import (
"net/http/httptest"
"testing"
"gitlab.com/gitlab-org/gitlab-workhorse/internal/testhelper"
)
func TestSetBlobHeaders(t *testing.T) {
w := httptest.NewRecorder()
w.Header().Set("Set-Cookie", "gitlab_cookie=123456")
setBlobHeaders(w)
testhelper.AssertAbsentResponseWriterHeader(t, w, "Set-Cookie")
}
...@@ -77,6 +77,14 @@ func AssertResponseWriterHeader(t *testing.T, w http.ResponseWriter, header stri ...@@ -77,6 +77,14 @@ func AssertResponseWriterHeader(t *testing.T, w http.ResponseWriter, header stri
assertHeaderExists(t, header, actual, expected) assertHeaderExists(t, header, actual, expected)
} }
func AssertAbsentResponseWriterHeader(t *testing.T, w http.ResponseWriter, header string) {
actual := w.Header()[http.CanonicalHeaderKey(header)]
if len(actual) != 0 {
t.Fatalf("for HTTP request expected not to receive the header %q, got %+v", header, actual)
}
}
func AssertResponseHeader(t *testing.T, w interface{}, header string, expected ...string) { func AssertResponseHeader(t *testing.T, w interface{}, header string, expected ...string) {
var actual []string var actual []string
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment