Set MailRoom's delivery option content_type to text/plain

What does this MR do?

For https://gitlab.com/gitlab-org/gitlab/-/issues/362068

When investigating gitlab-com/gl-infra/production#7029 (closed), we found out that MailRoom content was delivered with the application/x-www-form-urlencoded content type. There are some problems with this configuration:

  • This content type is not technically correct. The content is not encoded as form url encoded.
  • Performance issue. Rails tries to parse the body to put it into params inside the controller. At a later stage, the mailroom endpoint reads the email content directly from the request body and ignores these params.
  • Rails automatically logs params keys and values. This behavior is a potential security risk.

This content type is a configuration that the MailRoom gem does not set by default: https://github.com/tpitale/mail_room/blob/14e5bccac93493ad3e84d56140ee172974365dcf/lib/mail_room/delivery/postback.rb#L98. As a result, the content-type header defaults to Faraday's default content type. We should submit an upstream patch to fix this issue permanently. However, it would take several iterations until the patch lands in our production. Therefore, I updated the configuration set inside the Rails application and the CNG Helm chart. We'll submit a patch later when we have some spare time.

Related issues

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
Edited by Jason Plum
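
The effect described in the MR, as an added example that is not part of the merge request or of GitLab's or MailRoom's code: a raw email posted as application/x-www-form-urlencoded is split on `&` and `=` into params that a request log would then print, while text/plain leaves the body unparsed. `params_for` and `log_line` are hypothetical helpers that model the framework's behaviour in simplified form, and the email is constructed sample data.

```ruby
require 'uri'

# Constructed sample: a raw email as a postback delivery would send it.
# ASCII only, and the "secret" is a made-up value.
RAW_EMAIL = <<~MAIL
  From: alice@example.com
  To: incoming@example.com
  Subject: Re: access & rollout

  Temporary token=constructed-secret-123 & expires Friday.
MAIL

FORM = 'application/x-www-form-urlencoded'
TEXT = 'text/plain'

# Simplified model (assumption) of how a web framework builds params:
# only form-urlencoded bodies are parsed into key/value pairs; for any
# other content type the body is left for the endpoint to read raw.
def params_for(content_type, body)
  return {} unless content_type == FORM

  URI.decode_www_form(body).to_h
end

# Simplified model of a request log line that prints param keys and values.
def log_line(content_type, body)
  "Parameters: #{params_for(content_type, body).inspect}"
end

if $PROGRAM_NAME == __FILE__
  [FORM, TEXT].each do |type|
    puts "#{type}:"
    puts "  #{log_line(type, RAW_EMAIL)}"
  end
end
```

With the form content type the mail headers and body fragments become param keys and values and appear in the log line; with text/plain the log line carries no message content.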