Consider relative URL root in Rack::Attack::Request

What does this MR do and why?

Addresses #351306 (closed) by ensuring we take the relative root URL into account when performing checks in Rack::Attack::Request.

Previously, Request#path would have the value /some-path/prefix/api, which means that tests such as path.start_with?('/api') would fail.

Uses of path are replaced with logical_path, which is the path with the relative path prefix removed.

How to set up and validate locally

  1. Enable a relative path prefix (see https://docs.gitlab.com/ee/install/relative_url.html) in your development environment.
  2. Make any requests (the use of the /-/graphql-explorer is a good idea here, since it makes many requests to the /api/graphql endpoint).
  3. Observe that the requests are identified as API requests.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #351306 (closed)

Edited by Alex Kalderimis
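
The difference between path and logical_path described above, as an added example that is not code from this MR or from GitLab: the class SketchRequest, its relative_root: argument and the api_request_naive? / api_request? helpers are hypothetical names, and the prefix-stripping shown is an assumed implementation of "the path with the relative path prefix removed".

```ruby
# Added illustration, not GitLab's implementation. All names here are hypothetical.
class SketchRequest
  attr_reader :path

  def initialize(path, relative_root: '')
    @path = path
    # Normalise "/gitlab/", "gitlab" and "/gitlab" to "/gitlab"; "" or "/" means no prefix.
    trimmed = relative_root.to_s.gsub(%r{\A/+|/+\z}, '')
    @root = trimmed.empty? ? '' : "/#{trimmed}"
  end

  # The request path with the relative URL root removed.
  # The prefix is only stripped on a path-segment boundary, so a root of
  # "/some-path/prefix" does not eat into "/some-path/prefixed/api".
  def logical_path
    return path if @root.empty?
    return '/' if path == @root
    return path.delete_prefix(@root) if path.start_with?("#{@root}/")

    path
  end

  # The check as it behaved before the change: evaluated on the raw path.
  def api_request_naive?
    path.start_with?('/api')
  end

  # The same check evaluated on the logical path.
  def api_request?
    logical_path.start_with?('/api')
  end
end

# Constructed sample requests for an instance served under /some-path/prefix.
if __FILE__ == $PROGRAM_NAME
  root = '/some-path/prefix'
  %w[
    /some-path/prefix/api/graphql
    /some-path/prefix/-/graphql-explorer
    /some-path/prefixed/api
  ].each do |raw|
    req = SketchRequest.new(raw, relative_root: root)
    puts format('%-40s naive=%-5s logical=%-5s logical_path=%s',
                raw, req.api_request_naive?, req.api_request?, req.logical_path)
  end
end
```

With a relative root configured, any Rack::Attack rule keyed on the raw path never classifies a request as an API request, so the rule does not apply to it.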
