Merge request page will continually poll the API for merge request CI status when auth token is expired

Summary

A user using a SAML token that expires every 12 hours left a merge request tab open and found that GitLab was consuming an excessive amount of resources. The page was continually polling the API for merge request CI status.

Actual Behavior: If the auth session is expired, it polls indefinitely. Every time it makes a request, it appends more HTML to the DOM in the browser, and the page takes more CPU and more RAM.

Expected Behavior: If the auth session has expired, stop polling for status, and redirect the user back to the SAML login page.

Version

10.6.4

Screenshot

https://gitlab.zendesk.com/agent/tickets/95736

Edited Aug 30, 2025 by 🤖 GitLab Bot 🤖