authorDavid Ostrovsky <david@ostrovsky.org>2020-11-25 20:56:54 +0100
committerDavid Ostrovsky <david@ostrovsky.org>2021-05-17 19:53:56 +0200
commitb1f4115304a3820be434a6201da57e4508862f82 (patch)
tree4e70606e7f32c753f28c02120c57863e0d5d2e66
parente85209051d3ba118e339f076b2ffee14d042a151 (diff)
Don't serve polygerrit assets for git requests
After the migration to PolyGerrit, routes are mounted at the root of the Gerrit URL. In particular, these path prefixes are reserved: "/c/" "/id/" "/p/" "/q/" "/x/" and collide with project namespaces, so that projects with these prefixes cannot be served with the Git-over-HTTP protocol. The /x prefix restriction is especially painful, because quite a few Gerrit users in the wild use this prefix in their project names and have problems updating to newer Gerrit releases. To rectify this, exclude the serving of PolyGerrit assets for git requests. Bug: Issue 13721 Change-Id: Ieb6e9ddab1383fad32ae1763e3a19f03d3a46d01
-rw-r--r--java/com/google/gerrit/httpd/XsrfCookieFilter.java8
-rw-r--r--java/com/google/gerrit/httpd/raw/StaticModule.java47
2 files changed, 31 insertions, 24 deletions
diff --git a/java/com/google/gerrit/httpd/XsrfCookieFilter.java b/java/com/google/gerrit/httpd/XsrfCookieFilter.java
index d15ecacd59..079efa4023 100644
--- a/java/com/google/gerrit/httpd/XsrfCookieFilter.java
+++ b/java/com/google/gerrit/httpd/XsrfCookieFilter.java
@@ -32,6 +32,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
@Singleton
public class XsrfCookieFilter implements Filter {
@@ -50,8 +51,11 @@ public class XsrfCookieFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
throws IOException, ServletException {
- WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
- setXsrfTokenCookie((HttpServletRequest) req, (HttpServletResponse) rsp, s);
+ HttpServletRequest httpRequest = (HttpServletRequest) req;
+ if (!GitSmartHttpTools.isGitClient(httpRequest)) {
+ WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
+ setXsrfTokenCookie(httpRequest, (HttpServletResponse) rsp, s);
+ }
chain.doFilter(req, rsp);
}
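Review bot: The new `isGitClient` guard in `doFilter` carries no comment saying why the XSRF cookie is skipped or what the check relies on. As far as I recall, JGit's `GitSmartHttpTools.isGitClient` classifies a request from its URI suffix, the `service` parameter and the Content-Type, all of which the client chooses, so the result is a routing hint rather than a trust decision. That is harmless here because the branch only withholds cookie issuance and `chain.doFilter` still runs, but it should be recorded so the same test is not later reused to skip token validation. I would add above the `if`: `// Git clients never read the XSRF cookie; isGitClient() is derived from client-supplied request properties, so use it only to skip cookie issuance, never as a security check.` The class body continues outside the hunk.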
diff --git a/java/com/google/gerrit/httpd/raw/StaticModule.java b/java/com/google/gerrit/httpd/raw/StaticModule.java
index 0d4c67e8ee..7f2161d4b2 100644
--- a/java/com/google/gerrit/httpd/raw/StaticModule.java
+++ b/java/com/google/gerrit/httpd/raw/StaticModule.java
@@ -54,6 +54,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
import org.eclipse.jgit.lib.Config;
public class StaticModule extends ServletModule {
@@ -405,34 +406,36 @@ public class StaticModule extends ServletModule {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
- GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
- String path = pathInfo(req);
+ if (!GitSmartHttpTools.isGitClient(req)) {
+ GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
+ String path = pathInfo(req);
- // Special case assets during development that are built by Bazel and not
- // served out of the source tree.
- //
- // In the war case, these are either inlined, or live under
- // /polygerrit_ui in the war file, so we can just treat them as normal
- // assets.
- if (paths.isDev()) {
- if (path.startsWith("/bower_components/")) {
- bowerComponentServlet.service(reqWrapper, res);
+ // Special case assets during development that are built by Bazel and not
+ // served out of the source tree.
+ //
+ // In the war case, these are either inlined, or live under
+ // /polygerrit_ui in the war file, so we can just treat them as normal
+ // assets.
+ if (paths.isDev()) {
+ if (path.startsWith("/bower_components/")) {
+ bowerComponentServlet.service(reqWrapper, res);
+ return;
+ } else if (path.startsWith("/fonts/")) {
+ fontServlet.service(reqWrapper, res);
+ return;
+ }
+ }
+
+ if (isPolyGerritIndex(path)) {
+ polyGerritIndex.service(reqWrapper, res);
return;
- } else if (path.startsWith("/fonts/")) {
- fontServlet.service(reqWrapper, res);
+ }
+ if (isPolyGerritAsset(path)) {
+ polygerritUI.service(reqWrapper, res);
return;
}
}
- if (isPolyGerritIndex(path)) {
- polyGerritIndex.service(reqWrapper, res);
- return;
- }
- if (isPolyGerritAsset(path)) {
- polygerritUI.service(reqWrapper, res);
- return;
- }
-
chain.doFilter(req, res);
}
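Review bot: Wrapping the whole asset-dispatch body in `if (!GitSmartHttpTools.isGitClient(req)) { … }` re-indents about thirty lines whose logic is unchanged; an early exit at the top would keep the diff to the actual change and make it easier to confirm that nothing else moved: `if (GitSmartHttpTools.isGitClient(req)) { chain.doFilter(req, res); return; }`. A short comment should also say that the check appears to recognise only smart-HTTP requests (info/refs with a service parameter, upload-pack and receive-pack POSTs), so any other request under the reserved prefixes still reaches the PolyGerrit servlets; this is inferred from JGit and not visible in the hunk. The diffstat shows no test for the change; a case that fetches a project whose name starts with `x/` over HTTP would pin the behaviour. The method's signature lies outside the hunk.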