Proxied LFS Object requests are being redirected to the primary's external URL
Summary
A git HTTP request that includes LFS objects, if proxied for any reason, will send the request to the primary's external URL instead of using the URL with /-/push_from_secondary/$SECONDARY_ID/*. This is a problem when we have an unified URL set up, because the request that should be proxied might be sent back to the a secondary node (regardless of the routing strategy), and then fail, or to the primary and succeed, creating intermittent issues.
Steps to reproduce
- Set up Geo with at least one secondary.
- Turn on selective sync, and exclude one project.
- On the project that is not synced, add lfs support and commit at least one lfs object (look at https://git-lfs.com for a quick guide).
- Try to clone the repository using the secondary's URL
You'll see that the regular git requests will be proxied (they will have /-/push_from_secondary/$SECONDARY_ID/* in the URL), as this repository was marked not to be synced to the secondary, but the LFS objects download requests will not, they will be pointing to the primary's external URL.
What is the current bug behavior?
A git HTTP request that includes LFS objects, if proxied, will send the request to the primary's external URL instead of using the proxy URL with /-/push_from_secondary/$SECONDARY_ID/*.
What is the expected correct behavior?
Git HTTP proxied requests to retrieve LFS objects should use the proxy URL with /-/push_from_secondary/$SECONDARY_ID/* to ensure targeting the primary in case an unified URL is set up.
Relevant logs and/or screenshots
This issue originates from https://gitlab.com/gitlab-com/request-for-help/-/issues/2218 - it has a lot of relevant log information.
This also relates to !122258 (merged).
Possible fixes
- Proxied git flows need to be proxied end-to-end - that includes the request to download the LFS objects (/gitlab-lfs/objects/{oid})