Support adding PUT headers for object storage from Rails (!297) · Merge requests · GitLab.org / gitlab-workhorse

Stan Hu requested to merge sh-object-storage-put-headers into master Aug 20, 2018

As revealed in https://gitlab.com/gitlab-org/gitlab-ce/issues/49957, Rails generates a signed URL with a fixed HTTP header with Content-Type: application/octet-stream. However, if we change or remove that for some reason in Workhorse, this breaks the upload with a 403 Unauthorized because the signed URL is not valid.

We can make this more robust by doing the following:

In the /uploads/authorize request, Rails can return a PutHeaders key-value pair in the JSON response containing the required headers that the PUT request must include.
Use those HTTP headers if that value is present.
For backwards compatibility, if that key is not present, default to the old behavior of sending the fixed Content-Type header.

See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21319.

Edited Aug 23, 2018 by Stan Hu

Admin message

Support adding PUT headers for object storage from Rails

Merge request reports