Fixing request json mime type
What does this MR do?
Fixes a problem with the request mime type when any of the User and IP Rate Limits are enabled.
Why was this MR needed?
When one of this options is enabled and we try to request a json the response was wrong because the mime type set in the request was invalid.
The origin of problem the problem is this:
- One of the
Rack::Attack
throttle blocks is run. Inside it, there is a call toGitlab::Auth::RequestAuthenticator.new(self).user&.id
. - The
find_user_from_rss_token
inGitlab::Auth::UserAuthFinders
is called by theuser
method ofGitlab::Auth::RequestAuthenticator
. - The guard clause of this method says:
return unless current_request.path.ends_with?('.atom') || current_request.format.atom?
Here is the root of the problem. The call to the current_request.format
.
Right now, the current_request.env['action_dispatch.request.formats']
is nil
. But the call to the format
method without any relevant param makes actionpack
to choose the first mime type available, which is */*
. And therefore, that value is memoized and set in the request. That's why, when the request reaches the controller, despite of having the parameter format
to json
it serves the HTML version of the page.
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together -
Internationalization required/considered
What are the relevant issue numbers?
Closes #41598 (closed)