Switch object storage proxy_download setting from true to false to enable redirects (!1135) · Merge requests · multiple-projects / imported-project-7304d3d5d908a902

James Nutt requested to merge svistas-update-aws-proxy-setting into master Mar 03, 2023

What does this MR do and why?

Switches proxy_download from true to false after a regression.

Using an AWS S3 for object storage, the ~"Maven Repository" is not properly redirecting HEAD requests to object storage. When executing the redirect, it will end up in a 403 Forbidden response.

When GitLab needs to return a file that is present on object storage, the default (and ideal) configuration is: generate a pre signed url and redirect to that url. This redirect can be disabled with gitlab_rails['object_store']['proxy_download'] = true. By doing so, this issue disappears. (full investigation)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Mar 06, 2023 by James Nutt

Admin message

Admin message

Switch object storage proxy_download setting from true to false to enable redirects

What does this MR do and why?

MR acceptance checklist

Merge request reports