CSP: disable LFS url when not using object storage
What does this MR do and why?
Disable the `allow_lfs` when object storage is not enabled for LFS.
- When using local storage, the path will come from within GitLab's primary URL
- When using local storage, Fog/CarrierWave will fail, unless user always supplies a bogus `connection` hash.
  - Omnibus leaves this empty unless provided.
Related to #422936 (closed)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Configure `gitlab.yml` with CSP enabled, and LFS enabled without object storage.

  ```yaml
  production:
    gitlab:
      content_security_policy:
        enabled: true
        report_only: true
    lfs:
      enabled: true
      object_store:
        enabled: false
        remote_directory: 'lfs-objects'
        connection: {}
        direct_upload: false
        proxy_download: true
        storage_options: {}
  ```
- Rails / Puma start successfully
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Jason Plum
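The guard described in this MR, sketched as an added example (not GitLab's code and not part of the MR): an LFS origin is appended to the policy only when LFS uses object storage, so an empty `connection` hash is never read. The method names, the `endpoint` key and the use of `connect_src` are assumptions made for illustration.

```ruby
require 'uri'

# Derive the object-store origin from a connection hash. The 'endpoint' key is
# an assumption; an empty hash (as in the configuration above) raises KeyError.
def object_store_origin(connection)
  uri = URI.parse(connection.fetch('endpoint'))
  port = uri.port == uri.default_port ? '' : ":#{uri.port}"
  "#{uri.scheme}://#{uri.host}#{port}"
end

# Hypothetical guard: add the LFS origin to connect_src only when LFS is
# enabled and backed by object storage. With local storage, objects are served
# from the instance's own URL, so the connection hash is never touched.
def allow_lfs_source(directives, lfs)
  store = lfs['object_store'] || {}
  return directives unless lfs['enabled'] && store['enabled']

  origin = object_store_origin(store['connection'] || {})
  current = directives['connect_src'].to_s.split
  return directives if current.include?(origin)

  directives.merge('connect_src' => (current + [origin]).join(' '))
end

# Constructed sample policy and settings; LOCAL_LFS mirrors the gitlab.yml above.
BASE = { 'connect_src' => "'self'" }.freeze
LOCAL_LFS = { 'enabled' => true,
              'object_store' => { 'enabled' => false, 'connection' => {} } }.freeze
REMOTE_LFS = { 'enabled' => true,
               'object_store' => {
                 'enabled' => true,
                 'connection' => { 'endpoint' => 'https://objects.example.com:9000' }
               } }.freeze

if __FILE__ == $PROGRAM_NAME
  p allow_lfs_source(BASE, LOCAL_LFS)   # policy unchanged
  p allow_lfs_source(BASE, REMOTE_LFS)  # object-store origin appended
end
```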