security with proxy_download Object Storage Setting
Problem to solve
proxy_download does not provide enough details on considerations you should take into account when deciding between true or false. Specifically, what are the security concerns (if any) with setting it to false?
Further details
The description in docs for proxy_download reads as a few different things yet neither addresses security concerns.
Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data
Passthrough all downloads via GitLab instead of using Redirects to Object Storage.
Proposal
proxy_download should provide enough details on considerations you should take into account when deciding between true or false, including security concerns.
Who can address the issue
@stanhu @WarheadsSE any inputs? Who else could help here?