Set MailRoom's delivery option content_type to text/plain
What does this MR do?
For https://gitlab.com/gitlab-org/gitlab/-/issues/362068
When investigating gitlab-com/gl-infra/production#7029 (closed), we found out that MailRoom content was delivered as application/x-www-form-urlencoded content type. There are some problems with this configuration:
- This content type is not technically correct. The content is not encoded as form url encoded.
- Performance issue. Rails tries to parse the body to put to
paramsinside the controller. At a later stage, the mailroom endpoint reads the email content directly from request body and ignores this params. - Rails automatically logs params keys and values. This behavior is a potential security risk.
This content type is a configuration that MailRoom gem does not set by default: https://github.com/tpitale/mail_room/blob/14e5bccac93493ad3e84d56140ee172974365dcf/lib/mail_room/delivery/postback.rb#L98. As a result, the content-type header defaults to Faraday's default content type. We should submit an upstream patch to fix this issue permanently. However, it would take several iterations until the patch lands in our production. Therefore, I updated the configuration set inside Rails application and CNG helm chart. We'll submit a patch later when we have some spare time.
Related issues
- For https://gitlab.com/gitlab-org/gitlab/-/issues/362068
- Omnibus does not generate config/mail_room.yml file by itself. Instead, it uses Gitlab's Rails file. So, we'll need to update the one in Rails. There is a MR available here: gitlab-org/gitlab!88253 (merged).
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened