Send required object storage PUT headers in /uploads/authorize API
As revealed in https://gitlab.com/gitlab-org/gitlab-ce/issues/49957, Rails
generates a signed URL with a fixed HTTP header with Content-Type: application/octet-stream.
However, if we change or remove that for some reason in Workhorse, this breaks
the upload with a 403 Unauthorized because the signed URL is not valid.
We can make this more robust by doing the following:
- In the /uploads/authorize request, Rails can return a StoreHeaders key-value pair in the JSON response containing the required headers that the PUT request must include.
- Use those HTTP headers if that value is present.
- For backwards compatibility, if that key is not present, default to the old behavior of sending the fixed Content-Type header.
See gitlab-workhorse!297 (merged) as well.
Edited by Stan Hu
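
The header selection described above, sketched in Go as an added example (not the code from this merge request or from gitlab-workhorse). The top-level placement of StoreHeaders in the JSON, the function name putHeaders, and the sample URL and responses are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// authorizeResponse models only the StoreHeaders part of the
// /uploads/authorize JSON. Its top-level placement is an assumption.
type authorizeResponse struct {
	StoreHeaders map[string]string `json:"StoreHeaders"`
}

// putHeaders returns the headers the object storage PUT must carry so that
// the request matches what Rails signed into the URL.
func putHeaders(authorizeJSON []byte) (http.Header, error) {
	var resp authorizeResponse
	if err := json.Unmarshal(authorizeJSON, &resp); err != nil {
		return nil, fmt.Errorf("decode authorize response: %w", err)
	}
	h := http.Header{}
	if resp.StoreHeaders == nil {
		// Key absent (older Rails): fall back to the fixed header.
		h.Set("Content-Type", "application/octet-stream")
		return h, nil
	}
	// Key present, even if empty: send exactly what Rails listed.
	for name, value := range resp.StoreHeaders {
		h.Set(name, value)
	}
	return h, nil
}

func main() {
	// Constructed sample responses and a placeholder signed URL.
	samples := []string{`{"StoreHeaders":{"Content-Type":"image/png"}}`, `{"StoreHeaders":{}}`, `{}`}
	for _, s := range samples {
		h, err := putHeaders([]byte(s))
		if err != nil {
			panic(err)
		}
		req, _ := http.NewRequest(http.MethodPut, "https://storage.example.invalid/obj?sig=PLACEHOLDER", nil)
		req.Header = h
		fmt.Printf("%-48s -> %v\n", s, req.Header)
	}
}
```

The empty-object case is kept distinct from the missing-key case: an empty StoreHeaders is treated as Rails having signed no headers, so the fallback Content-Type is not added.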