debian-mirror-gitlab/config/application.rb

565 lines
25 KiB
Ruby
Raw Normal View History

2021-01-03 14:25:43 +05:30
# frozen_string_literal: true
2019-09-30 21:07:59 +05:30
require_relative 'boot'
2014-09-02 18:07:02 +05:30
2020-03-13 15:44:24 +05:30
# Based on https://github.com/rails/rails/blob/v6.0.1/railties/lib/rails/all.rb
2019-09-30 21:07:59 +05:30
# Only load the railties we need instead of loading everything
2020-03-13 15:44:24 +05:30
require 'rails'
2019-09-30 21:07:59 +05:30
require 'active_record/railtie'
require 'action_controller/railtie'
require 'action_view/railtie'
require 'action_mailer/railtie'
2020-04-08 14:13:33 +05:30
require 'action_cable/engine'
2019-09-30 21:07:59 +05:30
require 'rails/test_unit/railtie'
2016-06-02 11:05:42 +05:30
2019-09-30 21:07:59 +05:30
Bundler.require(*Rails.groups)
2014-09-02 18:07:02 +05:30
module Gitlab
class Application < Rails::Application
2021-12-11 22:18:48 +05:30
config.load_defaults 6.1
2022-08-13 15:12:31 +05:30
config.active_support.hash_digest_class = ::OpenSSL::Digest::SHA256
2021-12-11 22:18:48 +05:30
# This section contains configuration from Rails upgrades to override the new defaults so that we
# keep existing behavior.
#
# For boolean values, the new default is the opposite of the value being set in this section.
# For other types, the new default is noted in the comments. These are also documented in
# https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults
#
# To switch a setting to the new default value, we just need to delete the specific line here.
# Rails 6.1
config.action_dispatch.cookies_same_site_protection = nil # New default is :lax
ActiveSupport.utc_to_local_returns_utc_offset_times = false
config.action_controller.urlsafe_csrf_tokens = false
config.action_view.preload_links_header = false
# Rails 5.2
config.action_dispatch.use_authenticated_cookie_encryption = false
config.active_support.use_authenticated_message_encryption = false
config.action_controller.default_protect_from_forgery = false
config.action_view.form_with_generates_ids = false
# Rails 5.1
config.assets.unknown_asset_fallback = true
# Rails 5.0
config.action_controller.per_form_csrf_tokens = false
config.action_controller.forgery_protection_origin_check = false
ActiveSupport.to_time_preserves_timezone = false
2019-09-30 21:07:59 +05:30
require_dependency Rails.root.join('lib/gitlab')
2019-12-21 20:55:43 +05:30
require_dependency Rails.root.join('lib/gitlab/utils')
2020-07-28 23:09:34 +05:30
require_dependency Rails.root.join('lib/gitlab/action_cable/config')
2018-03-17 18:26:18 +05:30
require_dependency Rails.root.join('lib/gitlab/redis/wrapper')
2017-09-10 17:25:29 +05:30
require_dependency Rails.root.join('lib/gitlab/redis/cache')
require_dependency Rails.root.join('lib/gitlab/redis/queues')
require_dependency Rails.root.join('lib/gitlab/redis/shared_state')
2021-11-18 22:05:49 +05:30
require_dependency Rails.root.join('lib/gitlab/redis/trace_chunks')
require_dependency Rails.root.join('lib/gitlab/redis/rate_limiting')
require_dependency Rails.root.join('lib/gitlab/redis/sessions')
2018-03-27 19:54:05 +05:30
require_dependency Rails.root.join('lib/gitlab/current_settings')
2018-11-08 19:23:39 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/read_only')
2021-12-11 22:18:48 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/compressed_json')
2018-12-05 23:21:45 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check')
2020-04-22 19:07:51 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/same_site_cookies')
2020-06-23 00:09:42 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/handle_ip_spoof_attack_error')
2021-01-29 00:20:46 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/handle_malformed_strings')
2021-04-29 21:17:54 +05:30
require_dependency Rails.root.join('lib/gitlab/middleware/rack_multipart_tempfile_factory')
2020-03-13 15:44:24 +05:30
require_dependency Rails.root.join('lib/gitlab/runtime')
2022-06-21 17:19:12 +05:30
require_dependency Rails.root.join('lib/gitlab/patch/database_config')
2022-03-02 08:16:31 +05:30
require_dependency Rails.root.join('lib/gitlab/exceptions_app')
2022-07-16 23:28:13 +05:30
config.exceptions_app = Gitlab::ExceptionsApp.new(Gitlab.jh? ? Rails.root.join('jh/public') : Rails.public_path)
2018-11-08 19:23:39 +05:30
2022-06-21 17:19:12 +05:30
# This preload is required to:
#
# 1. Convert legacy `database.yml`;
# 2. Include Geo post-deployment migrations settings;
#
# TODO: In 15.0, this preload can be wrapped in a Gitlab.ee block
# since we don't need to convert legacy `database.yml` anymore.
config.class.prepend(::Gitlab::Patch::DatabaseConfig)
2021-11-11 11:23:49 +05:30
2014-09-02 18:07:02 +05:30
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.
2016-06-02 11:05:42 +05:30
# Sidekiq uses eager loading, but directories not in the standard Rails
# directories must be added to the eager load paths:
# https://github.com/mperham/sidekiq/wiki/FAQ#why-doesnt-sidekiq-autoload-my-rails-application-code
# Also, there is no need to add `lib` to autoload_paths since autoloading is
# configured to check for eager loaded paths:
# https://github.com/rails/rails/blob/v4.2.6/railties/lib/rails/engine.rb#L687
# This is a nice reference article on autoloading/eager loading:
# http://blog.arkency.com/2014/11/dont-forget-about-eager-load-when-extending-autoload
2017-09-10 17:25:29 +05:30
config.eager_load_paths.push(*%W[#{config.root}/lib
2018-03-27 19:54:05 +05:30
#{config.root}/app/models/badges
2016-06-02 11:05:42 +05:30
#{config.root}/app/models/hooks
#{config.root}/app/models/members
2018-11-18 11:00:15 +05:30
#{config.root}/app/graphql/resolvers/concerns
2020-11-24 15:15:51 +05:30
#{config.root}/app/graphql/mutations/concerns
#{config.root}/app/graphql/types/concerns])
2016-06-02 11:05:42 +05:30
config.generators.templates.push("#{config.root}/generator_templates")
2014-09-02 18:07:02 +05:30
2021-06-08 01:23:25 +05:30
foss_eager_load_paths = config.eager_load_paths.dup.freeze
2021-04-29 21:17:54 +05:30
load_paths = lambda do |dir:|
2021-06-08 01:23:25 +05:30
ext_paths = foss_eager_load_paths.each_with_object([]) do |path, memo|
2021-04-29 21:17:54 +05:30
ext_path = config.root.join(dir, Pathname.new(path).relative_path_from(config.root))
memo << ext_path.to_s
2019-12-21 20:55:43 +05:30
end
2019-09-04 21:01:54 +05:30
2021-04-29 21:17:54 +05:30
ext_paths << "#{config.root}/#{dir}/app/replicators"
2020-03-13 15:44:24 +05:30
2019-12-21 20:55:43 +05:30
# Eager load should load CE first
2021-04-29 21:17:54 +05:30
config.eager_load_paths.push(*ext_paths)
config.helpers_paths.push "#{config.root}/#{dir}/app/helpers"
2019-09-04 21:01:54 +05:30
2021-04-29 21:17:54 +05:30
# Other than Ruby modules we load extensions first
config.paths['lib/tasks'].unshift "#{config.root}/#{dir}/lib/tasks"
config.paths['app/views'].unshift "#{config.root}/#{dir}/app/views"
end
Gitlab.ee do
load_paths.call(dir: 'ee')
end
Gitlab.jh do
load_paths.call(dir: 'jh')
2019-12-21 20:55:43 +05:30
end
2019-09-04 21:01:54 +05:30
2018-03-17 18:26:18 +05:30
# Rake tasks ignore the eager loading settings, so we need to set the
# autoload paths explicitly
config.autoload_paths = config.eager_load_paths.dup
2021-10-27 15:23:28 +05:30
# These are only used in Rake tasks so we don't need to add these to eager_load_paths
2021-06-08 01:23:25 +05:30
config.autoload_paths.push("#{config.root}/lib/generators")
2021-10-27 15:23:28 +05:30
Gitlab.ee { config.autoload_paths.push("#{config.root}/ee/lib/generators") }
Gitlab.jh { config.autoload_paths.push("#{config.root}/jh/lib/generators") }
2018-03-17 18:26:18 +05:30
2022-07-16 23:28:13 +05:30
# Add JH initializer into rails initializers path
Gitlab.jh { config.paths["config/initializers"] << "#{config.root}/jh/config/initializers" }
2014-09-02 18:07:02 +05:30
# Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named.
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
# config.i18n.default_locale = :de
config.i18n.enforce_available_locales = false
2019-02-15 15:39:39 +05:30
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
# the I18n.default_locale when a translation can not be found).
# We have to explicitly set default locale since 1.1.0 - see:
# https://github.com/svenfuchs/i18n/pull/415
config.i18n.fallbacks = [:en]
2017-08-17 22:00:37 +05:30
# Translation for AR attrs is not working well for POROs like WikiPage
config.gettext_i18n_rails.use_for_active_record_attributes = false
2014-09-02 18:07:02 +05:30
# Configure the default encoding used in templates for Ruby 1.9.
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
2016-06-02 11:05:42 +05:30
#
# Parameters filtered:
2018-03-17 18:26:18 +05:30
# - Any parameter ending with `token`
2017-09-10 17:25:29 +05:30
# - Any parameter containing `password`
# - Any parameter containing `secret`
2018-12-05 23:21:45 +05:30
# - Any parameter ending with `key`
2016-06-02 11:05:42 +05:30
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
2018-03-17 18:26:18 +05:30
# - Build traces (:trace)
2016-06-02 11:05:42 +05:30
# - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
2018-11-08 19:23:39 +05:30
# - File content from Web Editor (:content)
2019-07-07 11:18:12 +05:30
# - Jira shared secret (:sharedSecret)
2019-10-12 21:52:04 +05:30
# - Titles, bodies, and descriptions for notes, issues, etc.
2018-11-29 20:51:05 +05:30
#
2019-10-12 21:52:04 +05:30
# NOTE: It is **IMPORTANT** to also update labkit's filter when
# adding parameters here to not introduce another security
# vulnerability:
# https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go
config.filter_parameters += [
/token$/,
/password/,
/secret/,
/key$/,
/^body$/,
/^description$/,
/^note$/,
/^text$/,
2021-01-03 14:25:43 +05:30
/^title$/,
/^hook$/
2019-10-12 21:52:04 +05:30
]
2016-06-02 11:05:42 +05:30
config.filter_parameters += %i(
certificate
encrypted_key
import_url
2020-05-24 23:13:21 +05:30
elasticsearch_url
2021-06-08 01:23:25 +05:30
elasticsearch_password
2020-12-08 15:28:05 +05:30
search
2021-02-22 17:27:13 +05:30
jwt
2021-09-30 23:02:18 +05:30
mailgun_signing_key
2016-06-02 11:05:42 +05:30
otp_attempt
sentry_dsn
2018-03-17 18:26:18 +05:30
trace
2016-06-02 11:05:42 +05:30
variables
2018-11-08 19:23:39 +05:30
content
2019-07-07 11:18:12 +05:30
sharedSecret
2016-06-02 11:05:42 +05:30
)
2014-09-02 18:07:02 +05:30
# Enable escaping HTML in JSON.
config.active_support.escape_html_entities_in_json = true
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
2020-04-22 19:07:51 +05:30
config.active_record.schema_format = :sql
2014-09-02 18:07:02 +05:30
2021-10-27 15:23:28 +05:30
# Dump all DB schemas even if schema_search_path is defined,
# so that we get the same db/structure.sql
# regardless if schema_search_path is set, or not.
config.active_record.dump_schemas = :all
2021-12-11 22:18:48 +05:30
# Override default Active Record settings
# We cannot do this in an initializer because some models are already loaded by then
config.active_record.cache_versioning = false
config.active_record.collection_cache_versioning = false
config.active_record.has_many_inversing = false
config.active_record.belongs_to_required_by_default = false
2020-07-28 23:09:34 +05:30
2014-09-02 18:07:02 +05:30
# Enable the asset pipeline
config.assets.enabled = true
2018-03-17 18:26:18 +05:30
2017-08-17 22:00:37 +05:30
# Support legacy unicode file named img emojis, `1F939.png`
2021-12-11 22:18:48 +05:30
config.assets.paths << TanukiEmoji.images_path
2018-03-17 18:26:18 +05:30
config.assets.paths << "#{config.root}/vendor/assets/fonts"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "application_utilities.css"
config.assets.precompile << "application_utilities_dark.css"
2020-06-23 00:09:42 +05:30
config.assets.precompile << "application_dark.css"
2020-10-24 23:57:45 +05:30
config.assets.precompile << "startup/*.css"
2014-09-02 18:07:02 +05:30
config.assets.precompile << "print.css"
2019-12-26 22:10:19 +05:30
config.assets.precompile << "mailer.css"
config.assets.precompile << "mailer_client_specific.css"
2016-06-02 11:05:42 +05:30
config.assets.precompile << "notify.css"
2022-05-07 20:08:51 +05:30
config.assets.precompile << "notify_enhanced.css"
config.assets.precompile << "mailers/*.css"
2020-11-24 15:15:51 +05:30
config.assets.precompile << "page_bundles/_mixins_and_variables_and_functions.css"
2021-03-11 19:13:27 +05:30
config.assets.precompile << "page_bundles/admin/application_settings_metrics_and_profiling.css"
config.assets.precompile << "page_bundles/admin/jobs_index.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "page_bundles/alert_management_details.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/alert_management_settings.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/boards.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "page_bundles/build.css"
config.assets.precompile << "page_bundles/ci_status.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/cycle_analytics.css"
2022-04-04 11:22:00 +05:30
config.assets.precompile << "page_bundles/dashboard_projects.css"
2021-12-11 22:18:48 +05:30
config.assets.precompile << "page_bundles/dev_ops_reports.css"
2022-10-11 01:57:18 +05:30
config.assets.precompile << "page_bundles/editor.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/environments.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "page_bundles/epics.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/error_tracking_details.css"
config.assets.precompile << "page_bundles/error_tracking_index.css"
2021-09-04 01:27:46 +05:30
config.assets.precompile << "page_bundles/group.css"
2018-11-18 11:00:15 +05:30
config.assets.precompile << "page_bundles/ide.css"
2021-02-22 17:27:13 +05:30
config.assets.precompile << "page_bundles/import.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/incident_management_list.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/issues_list.css"
2022-07-16 23:28:13 +05:30
config.assets.precompile << "page_bundles/issues_show.css"
2020-11-24 15:15:51 +05:30
config.assets.precompile << "page_bundles/jira_connect.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/jira_connect_users.css"
2021-04-17 20:07:23 +05:30
config.assets.precompile << "page_bundles/learn_gitlab.css"
2021-10-27 15:23:28 +05:30
config.assets.precompile << "page_bundles/marketing_popover.css"
2021-04-17 20:07:23 +05:30
config.assets.precompile << "page_bundles/members.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/merge_conflicts.css"
config.assets.precompile << "page_bundles/merge_requests.css"
config.assets.precompile << "page_bundles/milestone.css"
2021-06-08 01:23:25 +05:30
config.assets.precompile << "page_bundles/new_namespace.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/oncall_schedules.css"
2021-09-04 01:27:46 +05:30
config.assets.precompile << "page_bundles/escalation_policies.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/pipeline.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "page_bundles/pipeline_schedules.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/pipelines.css"
2022-07-16 23:28:13 +05:30
config.assets.precompile << "page_bundles/pipeline_editor.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/productivity_analytics.css"
2022-08-27 11:52:29 +05:30
config.assets.precompile << "page_bundles/profile.css"
2021-02-22 17:27:13 +05:30
config.assets.precompile << "page_bundles/profile_two_factor_auth.css"
2022-10-11 01:57:18 +05:30
config.assets.precompile << "page_bundles/profiles/preferences.css"
2021-09-04 01:27:46 +05:30
config.assets.precompile << "page_bundles/project.css"
2022-04-04 11:22:00 +05:30
config.assets.precompile << "page_bundles/projects_edit.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/reports.css"
config.assets.precompile << "page_bundles/roadmap.css"
2022-10-11 01:57:18 +05:30
config.assets.precompile << "page_bundles/requirements.css"
2022-08-27 11:52:29 +05:30
config.assets.precompile << "page_bundles/runner_details.css"
2021-02-22 17:27:13 +05:30
config.assets.precompile << "page_bundles/security_dashboard.css"
2021-04-17 20:07:23 +05:30
config.assets.precompile << "page_bundles/security_discover.css"
2021-03-08 18:12:59 +05:30
config.assets.precompile << "page_bundles/signup.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/terminal.css"
2021-12-11 22:18:48 +05:30
config.assets.precompile << "page_bundles/terms.css"
2020-11-24 15:15:51 +05:30
config.assets.precompile << "page_bundles/todos.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "page_bundles/wiki.css"
2022-08-13 15:12:31 +05:30
config.assets.precompile << "page_bundles/work_items.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "page_bundles/xterm.css"
2021-01-03 14:25:43 +05:30
config.assets.precompile << "lazy_bundles/cropper.css"
2021-01-29 00:20:46 +05:30
config.assets.precompile << "lazy_bundles/select2.css"
2017-09-10 17:25:29 +05:30
config.assets.precompile << "performance_bar.css"
2020-03-13 15:44:24 +05:30
config.assets.precompile << "disable_animations.css"
2021-04-17 20:07:23 +05:30
config.assets.precompile << "test_environment.css"
2018-10-15 14:42:47 +05:30
config.assets.precompile << "snippets.css"
2018-03-17 18:26:18 +05:30
config.assets.precompile << "locale/**/app.js"
2018-10-15 14:42:47 +05:30
config.assets.precompile << "emoji_sprites.css"
2018-11-08 19:23:39 +05:30
config.assets.precompile << "errors.css"
2020-11-24 15:15:51 +05:30
config.assets.precompile << "jira_connect.js"
config.assets.precompile << "themes/*.css"
2014-09-02 18:07:02 +05:30
2019-07-07 11:18:12 +05:30
config.assets.precompile << "highlight/themes/*.css"
2022-06-21 17:19:12 +05:30
config.assets.precompile << "highlight/diff_custom_colors_addition.css"
config.assets.precompile << "highlight/diff_custom_colors_deletion.css"
2019-07-07 11:18:12 +05:30
2018-05-09 12:01:36 +05:30
# Import gitlab-svgs directly from vendored directory
2018-12-13 13:39:08 +05:30
config.assets.paths << "#{config.root}/node_modules/@gitlab/svgs/dist"
2022-07-23 23:45:48 +05:30
config.assets.paths << "#{config.root}/node_modules/@jihulab/svgs/dist" if Gitlab.jh?
config.assets.precompile << "illustrations/jh/*.svg" if Gitlab.jh?
2018-05-09 12:01:36 +05:30
config.assets.precompile << "icons.svg"
config.assets.precompile << "icons.json"
config.assets.precompile << "illustrations/*.svg"
2022-08-27 11:52:29 +05:30
config.assets.precompile << "illustrations/*.png"
2018-05-09 12:01:36 +05:30
2018-11-18 11:00:15 +05:30
# Import css for xterm
config.assets.paths << "#{config.root}/node_modules/xterm/src/"
config.assets.precompile << "xterm.css"
2019-10-12 21:52:04 +05:30
# Import path for EE specific SCSS entry point
# In CE it will import a noop file, in EE a functioning file
# Order is important, so that the ee file takes precedence:
2021-10-27 15:23:28 +05:30
config.assets.paths << "#{config.root}/jh/app/assets/stylesheets/_jh" if Gitlab.jh?
2019-12-21 20:55:43 +05:30
config.assets.paths << "#{config.root}/ee/app/assets/stylesheets/_ee" if Gitlab.ee?
2021-10-27 15:23:28 +05:30
config.assets.paths << "#{config.root}/app/assets/stylesheets/_jh"
2019-10-12 21:52:04 +05:30
config.assets.paths << "#{config.root}/app/assets/stylesheets/_ee"
2019-09-04 21:01:54 +05:30
config.assets.paths << "#{config.root}/vendor/assets/javascripts/"
config.assets.precompile << "snowplow/sp.js"
2019-09-30 21:07:59 +05:30
# This path must come last to avoid confusing sprockets
2019-12-04 20:38:33 +05:30
# See https://gitlab.com/gitlab-org/gitlab-foss/issues/64091#note_194512508
2019-09-30 21:07:59 +05:30
config.assets.paths << "#{config.root}/node_modules"
2014-09-02 18:07:02 +05:30
# Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0'
2019-02-15 15:39:39 +05:30
# Nokogiri is significantly faster and uses less memory than REXML
ActiveSupport::XmlMini.backend = 'Nokogiri'
2018-11-18 11:00:15 +05:30
# This middleware needs to precede ActiveRecord::QueryCache and other middlewares that
# connect to the database.
2018-12-05 23:21:45 +05:30
config.middleware.insert_after Rails::Rack::Logger, ::Gitlab::Middleware::BasicHealthCheck
2018-11-18 11:00:15 +05:30
2018-03-17 18:26:18 +05:30
config.middleware.insert_after Warden::Manager, Rack::Attack
2014-09-02 18:07:02 +05:30
2020-04-22 19:07:51 +05:30
config.middleware.insert_before ActionDispatch::Cookies, ::Gitlab::Middleware::SameSiteCookies
2020-06-23 00:09:42 +05:30
config.middleware.insert_before ActionDispatch::RemoteIp, ::Gitlab::Middleware::HandleIpSpoofAttackError
2021-01-29 00:20:46 +05:30
config.middleware.insert_after ActionDispatch::ActionableExceptions, ::Gitlab::Middleware::HandleMalformedStrings
2021-01-03 14:25:43 +05:30
2021-04-29 21:17:54 +05:30
config.middleware.insert_after Rack::Sendfile, ::Gitlab::Middleware::RackMultipartTempfileFactory
2021-12-11 22:18:48 +05:30
config.middleware.insert_before Rack::Runtime, ::Gitlab::Middleware::CompressedJson
2014-09-02 18:07:02 +05:30
# Allow access to GitLab API from other domains
2016-10-01 15:18:49 +05:30
config.middleware.insert_before Warden::Manager, Rack::Cors do
2020-03-13 15:44:24 +05:30
headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size]
2016-10-01 15:18:49 +05:30
allow do
origins Gitlab.config.gitlab.url
resource '/api/*',
credentials: true,
headers: :any,
methods: :any,
2020-03-13 15:44:24 +05:30
expose: headers_to_expose
2016-10-01 15:18:49 +05:30
end
# Cross-origin requests must not have the session cookie available
2014-09-02 18:07:02 +05:30
allow do
origins '*'
2015-04-26 12:48:37 +05:30
resource '/api/*',
2016-10-01 15:18:49 +05:30
credentials: false,
2015-04-26 12:48:37 +05:30
headers: :any,
2015-10-24 18:46:33 +05:30
methods: :any,
2020-03-13 15:44:24 +05:30
expose: headers_to_expose
2014-09-02 18:07:02 +05:30
end
2021-03-11 19:13:27 +05:30
# Cross-origin requests must be enabled for the Authorization code with PKCE OAuth flow when used from a browser.
2021-09-04 01:27:46 +05:30
%w(/oauth/token /oauth/revoke).each do |oauth_path|
allow do
origins '*'
resource oauth_path,
headers: %w(Authorization),
credentials: false,
2022-07-23 23:45:48 +05:30
methods: %i(post options)
2021-09-04 01:27:46 +05:30
end
end
2022-08-13 15:12:31 +05:30
# Cross-origin requests must be enabled to fetch the self-managed application oauth application ID
# for the GitLab for Jira app.
allow do
origins '*'
resource '/-/jira_connect/oauth_application_id',
headers: :any,
methods: %i(get options),
credentials: false
end
2021-09-04 01:27:46 +05:30
# These are routes from doorkeeper-openid_connect:
# https://github.com/doorkeeper-gem/doorkeeper-openid_connect#routes
2021-03-11 19:13:27 +05:30
allow do
origins '*'
2021-09-04 01:27:46 +05:30
resource '/oauth/userinfo',
headers: %w(Authorization),
credentials: false,
2022-07-23 23:45:48 +05:30
methods: %i(get head post options)
2021-09-04 01:27:46 +05:30
end
%w(/oauth/discovery/keys /.well-known/openid-configuration /.well-known/webfinger).each do |openid_path|
allow do
origins '*'
resource openid_path,
2021-03-11 19:13:27 +05:30
credentials: false,
2021-09-04 01:27:46 +05:30
methods: %i(get head)
end
2021-03-11 19:13:27 +05:30
end
2014-09-02 18:07:02 +05:30
end
2015-04-26 12:48:37 +05:30
2017-09-10 17:25:29 +05:30
# Use caching across all environments
2021-11-18 22:05:49 +05:30
config.cache_store = :redis_cache_store, Gitlab::Redis::Cache.active_support_config
2015-04-26 12:48:37 +05:30
2015-12-23 02:04:40 +05:30
config.active_job.queue_adapter = :sidekiq
2021-12-07 22:27:20 +05:30
config.active_job.logger = nil
2021-12-11 22:18:48 +05:30
config.action_mailer.deliver_later_queue_name = :mailers
2015-12-23 02:04:40 +05:30
2015-04-26 12:48:37 +05:30
# This is needed for gitlab-shell
ENV['GITLAB_PATH_OUTSIDE_HOOK'] = ENV['PATH']
2017-08-17 22:00:37 +05:30
ENV['GIT_TERMINAL_PROMPT'] = '0'
2016-06-02 11:05:42 +05:30
2018-12-05 23:21:45 +05:30
# GitLab Read-only middleware support
2018-11-08 19:23:39 +05:30
config.middleware.insert_after ActionDispatch::Flash, ::Gitlab::Middleware::ReadOnly
2018-03-17 18:26:18 +05:30
2016-06-02 11:05:42 +05:30
config.generators do |g|
2018-03-17 18:26:18 +05:30
g.factory_bot false
2016-06-02 11:05:42 +05:30
end
2017-09-10 17:25:29 +05:30
2021-01-03 14:25:43 +05:30
# sprocket-rails adds some precompile assets we actually do not need.
#
# It copies all _non_ js and CSS files from the app/assets/ older.
#
# In our case this copies for example: Vue, Markdown and Graphql, which we do not need
# for production.
#
# We remove this default behavior and then reimplement it in order to consider ee/ as well
# and remove those other files we do not need.
#
# For reference: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87
initializer :correct_precompile_targets, after: :set_default_precompile do |app|
app.config.assets.precompile.reject! { |entry| entry == Sprockets::Railtie::LOOSE_APP_ASSETS }
2021-09-30 23:02:18 +05:30
# if two files in assets are named the same, it'll likely resolve to the normal app/assets version.
# See https://gitlab.com/gitlab-jh/gitlab/-/merge_requests/27#note_609101582 for more details
asset_roots = []
if Gitlab.jh?
asset_roots << config.root.join("jh/app/assets").to_s
end
asset_roots << config.root.join("app/assets").to_s
2021-01-03 14:25:43 +05:30
if Gitlab.ee?
asset_roots << config.root.join("ee/app/assets").to_s
end
LOOSE_APP_ASSETS = lambda do |logical_path, filename|
filename.start_with?(*asset_roots) &&
!['.js', '.css', '.md', '.vue', '.graphql', ''].include?(File.extname(logical_path))
end
app.config.assets.precompile << LOOSE_APP_ASSETS
end
2020-04-08 14:13:33 +05:30
# This empty initializer forces the :let_zeitwerk_take_over initializer to run before we load
# initializers in config/initializers. This is done because autoloading before Zeitwerk takes
# over is deprecated but our initializers do a lot of autoloading.
# See https://gitlab.com/gitlab-org/gitlab/issues/197346 for more details
initializer :move_initializers, before: :load_config_initializers, after: :let_zeitwerk_take_over do
end
# We need this for initializers that need to be run before Zeitwerk is loaded
initializer :before_zeitwerk, before: :let_zeitwerk_take_over, after: :prepend_helpers_path do
Dir[Rails.root.join('config/initializers_before_autoloader/*.rb')].sort.each do |initializer|
load_config_initializer(initializer)
end
end
2021-09-30 23:02:18 +05:30
# Add assets for variants of GitLab. They should take precedence over CE.
# This means if multiple files exist, e.g.:
2021-01-03 14:25:43 +05:30
#
2021-09-30 23:02:18 +05:30
# jh/app/assets/stylesheets/example.scss
2021-01-03 14:25:43 +05:30
# ee/app/assets/stylesheets/example.scss
# app/assets/stylesheets/example.scss
#
2021-09-30 23:02:18 +05:30
# The jh/ version will be preferred.
2022-07-16 23:28:13 +05:30
initializer :prefer_specialized_assets, after: :append_assets_path, before: :build_middleware_stack do |app|
2021-09-30 23:02:18 +05:30
Gitlab.extensions.each do |extension|
2021-01-03 14:25:43 +05:30
%w[images javascripts stylesheets].each do |path|
2021-09-30 23:02:18 +05:30
app.config.assets.paths.unshift("#{config.root}/#{extension}/app/assets/#{path}")
2021-01-03 14:25:43 +05:30
end
end
end
2022-04-04 11:22:00 +05:30
2022-06-21 17:19:12 +05:30
# We run the contents of active_record.clear_active_connections again
# because we connect to database from routes
# https://github.com/rails/rails/blob/fdf840f69a2e33d78a9d40b91d9b7fddb76711e9/activerecord/lib/active_record/railtie.rb#L308
initializer :clear_active_connections_again, after: :set_routes_reloader_hook do
2022-07-16 23:28:13 +05:30
# rubocop:disable Database/MultipleDatabases
2022-06-21 17:19:12 +05:30
ActiveRecord::Base.clear_active_connections!
ActiveRecord::Base.flush_idle_connections!
2022-07-16 23:28:13 +05:30
# rubocop:enable Database/MultipleDatabases
2022-06-21 17:19:12 +05:30
end
2022-04-04 11:22:00 +05:30
# DO NOT PLACE ANY INITIALIZERS AFTER THIS.
config.after_initialize do
2022-08-27 11:52:29 +05:30
config.active_record.yaml_column_permitted_classes = [
Symbol, Date, Time,
BigDecimal, # https://gitlab.com/gitlab-org/gitlab/issues/368846
Gitlab::Diff::Position,
# Used in:
# app/models/concerns/diff_positionable_note.rb
# app/models/legacy_diff_note.rb: serialize :st_diff
ActiveSupport::HashWithIndifferentAccess,
# Used in ee/lib/ee/api/helpers.rb: send_git_archive
DeployToken,
ActiveModel::Attribute.const_get(:FromDatabase, false), # https://gitlab.com/gitlab-org/gitlab/-/issues/368072
# Used in app/services/web_hooks/log_execution_service.rb: log_execution
ActiveSupport::TimeWithZone,
ActiveSupport::TimeZone,
Gitlab::Color # https://gitlab.com/gitlab-org/gitlab/-/issues/368844
]
2022-04-04 11:22:00 +05:30
# on_master_start yields immediately in unclustered environments and runs
# when the primary process is done initializing otherwise.
Gitlab::Cluster::LifecycleEvents.on_master_start do
Gitlab::Metrics::BootTimeTracker.instance.track_boot_time!
Gitlab::Console.welcome!
end
end
2014-09-02 18:07:02 +05:30
end
end