diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-02-15 21:17:20 -0500 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-03-08 23:49:30 -0500 |
commit | 5844a21a0acae08a19fa82984dcc0feb1b8777c5 (patch) | |
tree | aff41f83b11c676df2c3a64950196c994a183151 /lib | |
parent | e8cd04e831a2db36c4029f2c193fc40d2568c79e (diff) | |
download | gitlab-ce-5844a21a0acae08a19fa82984dcc0feb1b8777c5.tar.gz |
Use a custom Devise failure app to handle unauthenticated .zip requestsrs-issue-12944
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/devise_failure.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/devise_failure.rb b/lib/gitlab/devise_failure.rb new file mode 100644 index 00000000000..a78fde9d782 --- /dev/null +++ b/lib/gitlab/devise_failure.rb @@ -0,0 +1,23 @@ +module Gitlab + class DeviseFailure < Devise::FailureApp + protected + + # Override `Devise::FailureApp#request_format` to handle a special case + # + # This tells Devise to handle an unauthenticated `.zip` request as an HTML + # request (i.e., redirect to sign in). + # + # Otherwise, Devise would respond with a 401 Unauthorized with + # `Content-Type: application/zip` and a response body in plaintext, and the + # browser would freak out. + # + # See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944 + def request_format + if request.format == :zip + Mime::Type.lookup_by_extension(:html).ref + else + super + end + end + end +end |