Permit Self-Managed Admins to Disable the Redirect Wall Before Artifacts Redirect to Pages
Release notes
Add option for self-managed GitLab administrators to disable redirect wall before artifact redirect to Pages
Problem to solve
In GitLab 15.5.2, a security fix was made that adds a redirect wall before artifacts redirect to Pages. Many of GitLab's self-managed customers run their instances in isolation where this exploit would be of minimal risk. This new redirect wall adds unnecessary clicks to open and extra browser tabs. Customers may find this frustrating when the content to be displayed is known and trusted.
Currently I have only found one Support ticket (in US Fed specifically) that has asked about this change. Since 15.5.2 was very recently released, a large portion of our self-managed customers are still on older versions of GitLab. We may begin to see more requests about this in the future as customers upgrade to newer versions of GitLab.
Example Support ticket(s):
Relevant issue(s) discussing this change:
Proposal
It would be helpful to have a setting to disable the redirect wall. We could even continue to have the redirect wall set ON by default, thus ensuring that all security risk of turning it off is assumed by those who disable it. Perhaps this would be best accomplished via a setting in gitlab.rb under the Pages Global Settings?
Additionally, it would be helpful to document this process on https://docs.gitlab.com/ so Support has a place to find the relevant setting details when asked by customers.
Intended users
Feature Usage Metrics
Support receives fewer tickets asking if this redirect wall can be disabled. We can measure this by seeing how many Support tickets get added to this feature proposal, as well as the number of requests vs time since the 15.5.2 release.