Gitlab 11.6.0 sends Content-Disposition: attachment in blob/raw API
Summary
This is a regression after upgrading from 11.5 to 11.6.0. It is still present in 11.6.1.
Since GitLab 11.6.0, getting a file via the blob/raw API sends a Content-Disposition: attachment header.
https://docs.gitlab.com/ce/api/repositories.html#raw-blob-content
In 11.5 the Content-Disposition header wasn't sent.
This changes how a client manages the response.
This regression was discovered in the gitlab-org/gitlab-ce#55781 discussion.
Steps to reproduce
Try to download a raw blob file via the API (in this case the file https://gitlab.com/lesebap/blob-bug/blob/master/example.json )
https://docs.gitlab.com/ce/api/repositories.html#raw-blob-content
curl -I \
--url 'https://gitlab.com/api/v4/projects/10119056/repository/blobs/fcd3397c7d03270eb5290758802de335b427920e/raw'
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 15:00:38 GMT
Content-Type: text/plain
Content-Length: 19
Cache-Control: no-cache
Content-Disposition: attachment; filename=nil
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: qu22J21NFr4
X-Runtime: 0.026984
Strict-Transport-Security: max-age=31536000
RateLimit-Limit: 600
RateLimit-Observed: 4
RateLimit-Remaining: 596
RateLimit-Reset: 1546009298
RateLimit-ResetTime: Sat, 28 Dec 2018 15:01:38 GMT
Example Project
I just published this repository to expose a file to download. The problem is present in any repository.
https://gitlab.com/lesebap/blob-bug
What is the current bug behavior?
The Content-Disposition header is set to attachment:
Content-Disposition: attachment
This has an impact on how browsers load the response: if there is a Content-Disposition: attachment header, the browser will try to download the file; if not, the raw content will be shown in the browser (normal behavior for Content-Type: text/plain).
What is the expected correct behavior?
Keep the classic API behavior. That means omitting the Content-Disposition header in the blob/raw API.
This was the normal behavior in GitLab 11.5.
Output of checks
This bug has been detected in Gitlab CE 11.6.0
Results of GitLab environment info
System information
System: CentOS 6.10
Current User: gitlab
Using RVM: no
Ruby Version: 2.5.3p105
Gem Version: 2.7.6
Bundler Version: 1.16.6
Rake Version: 12.3.1
Redis Version: 3.2.12
Git Version: 2.18.1
Sidekiq Version: 5.2.3
Go Version: unknown
GitLab information
Version: 11.6.0
Revision: 075f960
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: https://********
HTTP Clone URL: https:///some-group/some-project.git
SSH Clone URL: gitlab@:some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:
GitLab Shell Version: 8.4.3
Repository storage paths:
- default: /home/gitlab/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 8.4.3 ? ... OK (8.4.3)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking GitLab App ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... no
Try fixing it:
sudo chown -R gitlab /var/opt/gitlab/gitlab-rails/uploads
sudo find /var/opt/gitlab/gitlab-rails/uploads -type f -exec chmod 0644 {} \;
sudo find /var/opt/gitlab/gitlab-rails/uploads -type d -not -path /var/opt/gitlab/gitlab-rails/uploads -exec chmod 0700 {} \;
For more information see:
doc/install/installation.md in section "GitLab"
Please fix the error above and rerun the checks.
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.5 ? ... yes (2.5.3)
Git version >= 2.18.0 ? ... yes (2.18.1)
Git user has default SSH configuration? ... yes
Active users: ... 115
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished
Possible fixes
I think the problem comes from this line:
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/helpers.rb#L499
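
A client-side check for the behaviour reported above, as an added example that is not part of the original issue or of GitLab's code: it parses a `curl -I` header dump and reports whether a browser would download or render the blob. The first sample is trimmed from the response in the report, the second is constructed to match the 11.5 behaviour described, and `check_raw_blob_headers` is a hypothetical name.

```python
from email.parser import Parser

# Headers trimmed from the curl -I response in the report (GitLab 11.6.0).
SAMPLE_11_6 = """\
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 19
Content-Disposition: attachment; filename=nil
X-Content-Type-Options: nosniff
"""

# Constructed sample: same response without the header, as described for 11.5.
SAMPLE_11_5 = """\
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 19
X-Content-Type-Options: nosniff
"""


def check_raw_blob_headers(raw):
    """Classify how a browser would treat a `curl -I` header dump."""
    status_line, _, header_block = raw.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    disposition = msg.get_content_disposition()  # 'attachment', 'inline' or None
    filename = msg.get_filename()                # filename= parameter, if any
    findings = []
    if disposition == "attachment":
        findings.append("browser will download instead of rendering")
    if filename is not None and filename.lower() in ("nil", "null", "none", ""):
        findings.append("filename is a placeholder token: %r" % filename)
    if (msg.get("X-Content-Type-Options") or "").strip().lower() != "nosniff":
        findings.append("nosniff missing: inline content may be MIME-sniffed")
    return {
        "status": status_line.split(" ", 2)[1],
        "content_type": msg.get_content_type(),
        "disposition": disposition,
        "filename": filename,
        "renders_inline": disposition != "attachment",
        "findings": findings,
    }


if __name__ == "__main__":
    for name, sample in (("11.6", SAMPLE_11_6), ("11.5", SAMPLE_11_5)):
        print(name, check_raw_blob_headers(sample))
```

When the header is absent, `Content-Type: text/plain` together with `X-Content-Type-Options: nosniff` is what keeps the browser from interpreting the blob as anything other than text, which is why the check reports on both.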