Skip to content

fix: Handle 403 errors when artifacts loaded from GitLab artifacts browser

Stan Hu requested to merge sh-handle-api-artifacts-403 into master

What does this MR do?

When the artifacts server is enabled, GitLab Rails links certain files (e.g. HTML) to the GitLab Pages server so that the file can be rendered instead of downloaded. However, if public pipelines are not enabled for a public project and the user never authenticated with the Pages server, the GitLab Artifacts API would return a 403 error. This error would be forwarded to the user, and Pages would halt further processing.

To fix this problem, when we encounter a 403 error, we attempt to authenticate the user if no token is available.

Relates to gitlab#25192 (closed)

Testing

  1. Enable Pages access control and artifacts server:
pages_external_url "http://pages.example.com/"
gitlab_pages['enable'] = true
gitlab_pages['access_control'] = true
gitlab_pages['artifacts_server_url'] = "https://gitlab.example.com/api/v4"
  1. Setup a public project with the default HTML page template.
  2. In the project's CI/CD settings, be sure Public pipelines is disabled:

image

  1. Run the pipeline to kick off a Pages deploy.

  2. Update the .gitlab-ci.yml:

image: alpine:latest

build:
  script:
    - echo "hello world" > artifacts.html
    - echo "hello again" > 2.html
  artifacts:
    paths:
      - artifacts.html
      - 2.html
  1. Navigate to one of the HTML files in the artifacts browser. Previously it would show a 403 Forbidden error. Now it should authenticate the user and show the HTML file.

TODO

Edited by Stan Hu

Merge request reports

Loading