Commits · 17380cf90ce6f12ae06384d2d7a1d04bd928e6a5 · gpt / large_projects / gitlabhq1

Feb 14, 2019

Merge branch 'sh-fix-content-disposition-inline' into 'master' · 17380cf9

Douglas Barbosa Alexandre authored 6 years ago

Fix Content-Disposition hard-coded to attachments

Closes #57660

See merge request gitlab-org/gitlab-ce!25214

(cherry picked from commit a77a1e1b)

134420f2 Fix Content-Disposition hard-coded to attachments

17380cf9

Feb 05, 2019

Encode Content-Disposition filenames · 41b51c06

Stan Hu authored 6 years ago

Users downloading non-ASCII attachments would see garbled characters.
When used with object storage, AWS S3 would return an InvalidArgument
error: Header value cannot be represented using ISO-8859-1.

Per RFC 5987 and RFC 6266, Content-Disposition should be encoded
properly. This commit takes the Rails 6 implementation of
ActiveSuppport::Http::ContentDisposition
(https://github.com/rails/rails/pull/33829) and ports it here.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47673

41b51c06

Nov 10, 2018
- MIME type application/javascript -> application/ecmascript · e1079ee2
  Stan Hu authored 6 years ago
  
  e1079ee2
Nov 07, 2018
- backport: Always proxy reports downloads · 5da2f42d
  Kamil Trzcińśki authored 6 years ago
  
  This makes to always proxy reports
  5da2f42d
Sep 06, 2018

Fix attachments not displaying inline with Google Cloud Storage · 262b9741

Stan Hu authored 6 years ago

There were several issues:

1. With Google Cloud Storage, we can't override the Content-Type with
Response-Content-Type once it is set.  Setting the value to
`application/octet-stream` doesn't buy us anything. GCS defaults to
`application/octet-stream`, and AWS uses `binary/octet-stream`. Just remove
this `Content-Type` when we upload new files.

2. CarrierWave and fog-google need to support query parameters:
https://github.com/fog/fog-google/pull/409/files, https://github.com/carrierwaveuploader/carrierwave/pull/2332/files.
CarrierWave has been monkey-patched until an official release.

3. Workhorse also needs to remove the Content-Type header in the request
(https://gitlab.com/gitlab-org/gitlab-workhorse/blob/ef80978ff89e628c8eeb66556720e30587d3deb6/internal/objectstore/object.go#L66),
or we'll get a 403 error when uploading due to signed URLs not matching the headers.
Upgrading to Workhorse 6.1.0 for https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/297
will make Workhorse use the headers that are used by Rails.

Closes #49957

262b9741

May 14, 2018

Fix cross-origin errors when attempting to download JavaScript attachments · 0c431706

Stan Hu authored 6 years ago

If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.

Closes #45826

0c431706

Mar 22, 2018
- Backport ee-40781-os-to-ce · 44f37504
  Micael Bergeron authored 7 years ago
  
  44f37504
Mar 09, 2018
- Add proxy_download to perform proxied sending of all files · fc6587f1
  Micael Bergeron authored 7 years ago
  
  fc6587f1

Admin message

Admin message