Add image resizing FF based on avatar owner

What does this MR do?

We will use two separate feature gates to allow image resizing.
This MR introduces the second, which is more strict.

The first, :dynamic_image_resizing, is based on the content requester. Enabling it for a user would allow that user to send resizing requests for any avatar.
It is already in master, and it is not completely safe to use it over a wide set of users; see https://gitlab.com/gitlab-org/gitlab/-/issues/241533.

The second, :dynamic_image_resizing_trusted_owner, is based on the content owner.
Enabling it for a user would allow anyone to send resizing requests against the mentioned user's avatar only. This flag allows us to operate on trusted data only.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

N/A

Related to #240920 (closed)

Edited by Aleksei Lipniagov
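
The difference between the two gates described above, as an added Ruby example that is not part of the merge request or GitLab's code. `ActorFlags` is a hypothetical stand-in for a per-actor flag store, and the user names are constructed sample data; the script lists whose uploaded avatars would reach the resizer under each gate.

```ruby
require 'set'

# Minimal per-actor flag store (hypothetical stand-in, not GitLab's Feature class).
class ActorFlags
  def initialize
    @actors = Hash.new { |h, k| h[k] = Set.new }
  end

  def enable(flag, actor)
    @actors[flag] << actor
    self
  end

  def enabled?(flag, actor)
    @actors.key?(flag) && @actors[flag].include?(actor)
  end
end

# Gate 1: the actor is whoever sends the resize request.
def requester_gate?(flags, requester, _owner)
  flags.enabled?(:dynamic_image_resizing, requester)
end

# Gate 2: the actor is whoever uploaded the avatar being resized.
def owner_gate?(flags, _requester, owner)
  flags.enabled?(:dynamic_image_resizing_trusted_owner, owner)
end

# Owners whose uploaded image would reach the resizer under a gate,
# checked across every requester/owner pair.
def exposed_owners(flags, users, gate)
  users.product(users)
       .select { |requester, owner| send(gate, flags, requester, owner) }
       .map { |_requester, owner| owner }
       .uniq.sort
end

# Constructed sample data: 'staff' is a vetted account, the others are not.
USERS = %w[staff alice mallory].freeze
FLAGS = ActorFlags.new
                  .enable(:dynamic_image_resizing, 'alice')
                  .enable(:dynamic_image_resizing_trusted_owner, 'staff')

if __FILE__ == $PROGRAM_NAME
  puts "requester gate: #{exposed_owners(FLAGS, USERS, :requester_gate?)}"
  puts "owner gate:     #{exposed_owners(FLAGS, USERS, :owner_gate?)}"
end
```

With the requester gate, one enabled account is enough for every user's upload to be processed; with the owner gate, the set of processed images is exactly the set of owners the flag was enabled for, regardless of who asks.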
