Add head request support when the API helper present_carrierwave_file! returns a redirect
Summary
This is a follow-up issue from: !27612 (comment 310585077) and !27612 (comment 310084925).
When:
- Object Storage is enabled and baked by AWS S3
- The http request to a file is a HEAD
-
direct_download
is supported
API::Helpers#present_carrierwave_file!
will return a signed url pointing to the file in S3.
The issue is that the generated signature for AWS S3 takes the http method into account. Currently,
API::Helpers#present_carrierwave_file!
will generate a signature for GET.
If an API endpoint is hit with HEAD, the client will receive a redirect to the signed url and AWS S3 will reject the request as the signature is for GET and doesn't match HEAD.
Improvements
There are two levels where we can fix this:
- At GitLab level, we can patch
API::Helpers#present_carrierwave_file!
to support HEAD requests for redirects on AWS S3. !27612 (merged) is a working implementation scoped for the Maven API. - At CarrierWave/Fog level, we could submit a patch that provides support for HEAD requests when calling
file.url
.
(2.) is ideal but (1.) could work too in the meantime.
Risks
- The changes are for
API::Helpers#present_carrierwave_file!
method which is the method used by all Grape APIs for file downloads. - I currently count 10 APIs using this method.
- We can limit risks when implementing (1.) and scope this change for only when AWS S3 + HEAD request.
Involved components
lib/api/helpers.rb
Missing test coverage
- Specs examples for HEAD requests have to be added.