Fix: Allow Geo sync requests even if Git over HTTP is disabled (!190260) · Merge requests · GitLab.org / GitLab

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

This MR updates the ProtocolChecker to allow access when the request is a Geo request, even if the HTTP protocol is otherwise disabled. This change ensures that replication and verification operations between Geo sites continue to function as expected in environments where HTTP is restricted. Additional tests are added to validate Geo-specific behavior on primary nodes.

References

Fixes GitLab issue #348482 (closed)

Related implementation for Geo: Gitlab::Geo

How to set up and validate locally

Ensure your local GDK has Geo enabled with a configured primary node.

Temporarily disable HTTP protocol in application_settings.

Simulate a Geo request using specs or manually with appropriate headers/tokens.

Validate that access is still allowed for git-upload-pack via Geo.

Run test suite: bin/rspec spec/lib/gitlab/checks/protocol_checker_spec.rb

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited May 05, 2025 by 🤖 GitLab Bot 🤖

Fix: Allow Geo sync requests even if Git over HTTP is disabled

What does this MR do and why?

References

How to set up and validate locally

MR acceptance checklist

Merge request reports