- 04 Jun, 2020 4 commits
-
-
Nick Thomas authored
Two cases in particular, lacking a `Content-Type`, gave us trouble: * Transfer-Encoding: chunked * No content-type and no transfer-encoding Both of these are permitted by the HTTP RFC (cases 3 and 7), and we can talk to arbitrary HTTP servers via sendurl, so it's imperative that we handle them correctly. This commit adds tests for both cases. Responses of the latter type are transparently converted to responses of the former type. This is an automatic behaviour of the Go stdlib, which doesn't really support making the second type of response directly. Since Transfer-Encoding is a hop-by-hop header, this type of encoding is extremely common, and we're still streaming, instead of accumulating, the data, I think this is acceptable.
-
Georges-Etienne Legendre authored
-
Georges-Etienne Legendre authored
-
Jacob Vosmaer authored
-
- 26 May, 2020 2 commits
-
-
Nick Thomas authored
-
Nick Thomas authored
Limit resources when processing artifacts metadata See merge request gitlab-org/security/gitlab-workhorse!15
-
- 22 May, 2020 1 commit
-
-
Grzegorz Bizon authored
-
- 30 Apr, 2020 1 commit
-
-
Robert Speicher authored
-
- 07 Apr, 2020 3 commits
-
-
Nick Thomas authored
Sign artifact multipart fields in Workhorse See merge request gitlab-org/security/gitlab-workhorse!12
-
Nick Thomas authored
-
Stan Hu authored
This adds the `Gitlab-Workhorse-Multipart-Fields` HTTP header, which contains a list of signed multipart keys, for the CI artifacts upload endpoints. This is already done for multipart attachments but was not done for the the CI artifacts case. Without this header, Rails can't guarantee that the file attachments were validated by Workhorse. This is the Workhorse part of the solution for https://gitlab.com/gitlab-org/gitlab/-/issues/213139. This needs to be used by Rails: https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/403
-
- 04 Apr, 2020 2 commits
-
-
Nick Thomas authored
Release v8.30.0 See merge request gitlab-org/gitlab-workhorse!483
-
Nick Thomas authored
-
- 03 Apr, 2020 3 commits
-
-
Nick Thomas authored
Proxy ActionCable websocket connection See merge request gitlab-org/gitlab-workhorse!454
-
Heinrich Lee Yu authored
Tests a single backend setup and a separate cable backend setup
-
Alessio Caiazza authored
Add a missing CHANGELOG entry See merge request gitlab-org/gitlab-workhorse!481
-
- 02 Apr, 2020 3 commits
-
-
Heinrich Lee Yu authored
-
Heinrich Lee Yu authored
This is to support running the ActionCable server in a separate process from the web server
-
Heinrich Lee Yu authored
Had to use a simple proxy because the other ResponseWriter wrappers do not support HiJack and we don't need those for this route anyway
-
- 01 Apr, 2020 1 commit
-
-
Nick Thomas authored
-
- 31 Mar, 2020 3 commits
-
-
Nick Thomas authored
Release Workhorse v8.29.0 See merge request gitlab-org/gitlab-workhorse!480
-
Nick Thomas authored
-
Nick Thomas authored
Bump Labkit version to support profiler sample versioning See merge request gitlab-org/gitlab-workhorse!479
-
- 30 Mar, 2020 1 commit
-
-
Oswaldo Ferreira authored
This version bump refers to fac94cb42 in order to support Go Continuous Profiling with versioning. I.e. Workhorse will provide its build version to the profiler and it'll be presented at the Stackdriver Profiler UI.
-
- 27 Mar, 2020 1 commit
-
-
Nick Thomas authored
CI: stop trying to rm -rf gitaly hooks in docker container See merge request gitlab-org/gitlab-workhorse!477
-
- 26 Mar, 2020 1 commit
-
-
Robert Speicher authored
-
- 25 Mar, 2020 1 commit
-
-
Jacob Vosmaer authored
-
- 23 Mar, 2020 4 commits
-
-
Alessio Caiazza authored
Reject parameters that override upload fields See merge request gitlab-org/security/gitlab-workhorse!3
-
Alessio Caiazza authored
-
Markus Koller authored
When Workhorse intercepts file uploads, we store the files and send the information about the temporary file in new multipart form values called `file.path`, `file.size` etc. Since we're also copying all other multipart form values from the original client request, it was possible to override the values we set in Workhorse, causing Rails to e.g. load the uploaded file from an injected `file.path` parameter. To avoid this, we check if client parameters have the same name as any of our own added fields and reject the request.
-
Markus Koller authored
The `path` and `remote_*` fields are not always set in Workhorse depending on the storage type, but still picked up in Rails. To avoid injecting any client params with the same name, we just set these fields to empty strings.
-
- 20 Mar, 2020 4 commits
-
-
Nick Thomas authored
Resolve "PyPi - Object storage upload route for package files" See merge request gitlab-org/gitlab-workhorse!474
-
Jacob Vosmaer authored
Release v8.27.0 See merge request gitlab-org/gitlab-workhorse!476
-
Ahmad Sherif authored
-
Jacob Vosmaer authored
Remove Set-Cookie header from archive and raw blob responses See merge request gitlab-org/gitlab-workhorse!475
-
- 19 Mar, 2020 1 commit
-
-
Ahmad Sherif authored
CDNs don't cache responses with Set-Cookie header as they assume they contain some sort of state or user-specific data, which is not the case for raw blobs and repository archives. This change allows GitLab installations that sit behind a CDN to benefit from its caching feature seamlessly. Related to https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829 and https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/4
-
- 17 Mar, 2020 3 commits
-
-
Daniel Croft authored
-
Daniel Croft authored
-
Daniel Croft authored
-
- 16 Mar, 2020 1 commit
-
-
Nick Thomas authored
Release Workhorse v8.26.0 See merge request gitlab-org/gitlab-workhorse!472
-