author | David Ostrovsky <david@ostrovsky.org> | 2020-11-25 20:56:54 +0100 |
---|---|---|
committer | David Ostrovsky <david@ostrovsky.org> | 2021-05-17 19:53:56 +0200 |
commit | b1f4115304a3820be434a6201da57e4508862f82 (patch) | |
tree | 4e70606e7f32c753f28c02120c57863e0d5d2e66 | |
parent | e85209051d3ba118e339f076b2ffee14d042a151 (diff) |
Don't serve polygerrit assets for git requests
After migration to PolyGerrit routes are mounted at the root
of the gerrit URL. Particularly these path prefixes are reserved:
"/c/"
"/id/"
"/p/"
"/q/"
"/x/"
and would collide with project namespaces, so that projects with
these prefixes cannot be served with the Git-over-HTTP protocol.
The /x prefix restriction is particularly painful, because quite
a few Gerrit users in the wild use this prefix in their project
names and have problems updating to newer Gerrit releases.
To rectify this, exclude the serving of PolyGerrit assets for git requests.
Bug: Issue 13721
Change-Id: Ieb6e9ddab1383fad32ae1763e3a19f03d3a46d01
-rw-r--r-- | java/com/google/gerrit/httpd/XsrfCookieFilter.java | 8 | ||||
-rw-r--r-- | java/com/google/gerrit/httpd/raw/StaticModule.java | 47 |
2 files changed, 31 insertions, 24 deletions
diff --git a/java/com/google/gerrit/httpd/XsrfCookieFilter.java b/java/com/google/gerrit/httpd/XsrfCookieFilter.java index d15ecacd59..079efa4023 100644 --- a/java/com/google/gerrit/httpd/XsrfCookieFilter.java +++ b/java/com/google/gerrit/httpd/XsrfCookieFilter.java @@ -32,6 +32,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.eclipse.jgit.http.server.GitSmartHttpTools; @Singleton public class XsrfCookieFilter implements Filter { @@ -50,8 +51,11 @@ public class XsrfCookieFilter implements Filter { @Override public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain) throws IOException, ServletException { - WebSession s = user.get().isIdentifiedUser() ? session.get() : null; - setXsrfTokenCookie((HttpServletRequest) req, (HttpServletResponse) rsp, s); + HttpServletRequest httpRequest = (HttpServletRequest) req; + if (!GitSmartHttpTools.isGitClient(httpRequest)) { + WebSession s = user.get().isIdentifiedUser() ? session.get() : null; + setXsrfTokenCookie(httpRequest, (HttpServletResponse) rsp, s); + } chain.doFilter(req, rsp); } diff --git a/java/com/google/gerrit/httpd/raw/StaticModule.java b/java/com/google/gerrit/httpd/raw/StaticModule.java index 0d4c67e8ee..7f2161d4b2 100644 --- a/java/com/google/gerrit/httpd/raw/StaticModule.java +++ b/java/com/google/gerrit/httpd/raw/StaticModule.java @@ -54,6 +54,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; +import org.eclipse.jgit.http.server.GitSmartHttpTools; import org.eclipse.jgit.lib.Config; public class StaticModule extends ServletModule { 
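Review bot: In XsrfCookieFilter.doFilter, the new `isGitClient(httpRequest)` gate has no comment saying why git requests skip the XSRF cookie, or that the test rests on values the client supplies. As far as I know, `GitSmartHttpTools.isGitClient` classifies a request from its path suffix together with the `service` parameter or Content-Type, so any caller can take this branch. That is harmless only because this filter issues the cookie and, in the visible lines, does not validate it. I would state that above the `if`, e.g. `// Git smart-HTTP clients never read the XSRF cookie; this only skips issuing it, token checks must not reuse this test.` The diffstat lists no test file, so a regression test that fetches a project under one of the reserved prefixes over HTTP would be worth adding.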
@@ -405,34 +406,36 @@ public class StaticModule extends ServletModule { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; - GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req); - String path = pathInfo(req); + if (!GitSmartHttpTools.isGitClient(req)) { + GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req); + String path = pathInfo(req); - // Special case assets during development that are built by Bazel and not - // served out of the source tree. - // - // In the war case, these are either inlined, or live under - // /polygerrit_ui in the war file, so we can just treat them as normal - // assets. - if (paths.isDev()) { - if (path.startsWith("/bower_components/")) { - bowerComponentServlet.service(reqWrapper, res); + // Special case assets during development that are built by Bazel and not + // served out of the source tree. + // + // In the war case, these are either inlined, or live under + // /polygerrit_ui in the war file, so we can just treat them as normal + // assets. + if (paths.isDev()) { + if (path.startsWith("/bower_components/")) { + bowerComponentServlet.service(reqWrapper, res); + return; + } else if (path.startsWith("/fonts/")) { + fontServlet.service(reqWrapper, res); + return; + } + } + + if (isPolyGerritIndex(path)) { + polyGerritIndex.service(reqWrapper, res); return; - } else if (path.startsWith("/fonts/")) { - fontServlet.service(reqWrapper, res); + } + if (isPolyGerritAsset(path)) { + polygerritUI.service(reqWrapper, res); return; } } - if (isPolyGerritIndex(path)) { - polyGerritIndex.service(reqWrapper, res); - return; - } - if (isPolyGerritAsset(path)) { - polygerritUI.service(reqWrapper, res); - return; - } - chain.doFilter(req, res); } |
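Review bot: In the StaticModule filter hunk, wrapping the whole asset-dispatch body in `if (!GitSmartHttpTools.isGitClient(req)) { … }` re-indents about thirty lines for a one-condition change; a guard at the top reads better and keeps the diff small: `if (GitSmartHttpTools.isGitClient(req)) { chain.doFilter(req, res); return; }`. A short comment on it would record the reason, e.g. `// Git-over-HTTP must bypass PolyGerrit routes so projects named c/, id/, p/, q/ or x/ stay reachable.` Only requests the JGit helper recognises are exempted, so a request under those prefixes that does not look like smart HTTP presumably still reaches the PolyGerrit handlers; it is worth confirming that this is intended. The method's signature lies above the hunk.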