opendev
/
gerrit
Code Issues Proposed changes

Don't serve polygerrit assets for git requests 

After migration to PolyGerrit routes are mounted at the root
of the gerrit URL. Particularly these path prefixes are reserved:

  "/c/"
  "/id/"
  "/p/"
  "/q/"
  "/x/"

and would collide with project namespaces, so that the project with
these prefixes cannot be served with Git over HTTP protocol.

Particularly, the /x prefix restriction is very painful, because quite
some gerrit users in the wild are using this prefix in their project
names and have problem to update to newer Gerrit releases.

To rectify exclude the serving of PolyGerrit assets for git requests.

Bug: Issue 13721
Change-Id: Ieb6e9ddab1383fad32ae1763e3a19f03d3a46d01
This commit is contained in:
David Ostrovsky 2020-11-25 20:56:54 +01:00
parent e85209051d
commit b1f4115304
2 changed files with 32 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
java/com/google/gerrit/httpd/XsrfCookieFilter.java
View File

@ -32,6 +32,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.http.server.GitSmartHttpTools;
@Singleton
public class XsrfCookieFilter implements Filter {
@ -50,8 +51,11 @@ public class XsrfCookieFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
throws IOException, ServletException {
WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
setXsrfTokenCookie((HttpServletRequest) req, (HttpServletResponse) rsp, s);
HttpServletRequest httpRequest = (HttpServletRequest) req;
if (!GitSmartHttpTools.isGitClient(httpRequest)) {
WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
setXsrfTokenCookie(httpRequest, (HttpServletResponse) rsp, s);
}
chain.doFilter(req, rsp);
}

49
java/com/google/gerrit/httpd/raw/StaticModule.java
View File

@ -54,6 +54,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.http.server.GitSmartHttpTools;
import org.eclipse.jgit.lib.Config;
public class StaticModule extends ServletModule {
@ -405,32 +406,34 @@ public class StaticModule extends ServletModule {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
String path = pathInfo(req);
if (!GitSmartHttpTools.isGitClient(req)) {
GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
String path = pathInfo(req);
// Special case assets during development that are built by Bazel and not
// served out of the source tree.
//
// In the war case, these are either inlined, or live under
// /polygerrit_ui in the war file, so we can just treat them as normal
// assets.
if (paths.isDev()) {
if (path.startsWith("/bower_components/")) {
bowerComponentServlet.service(reqWrapper, res);
return;
} else if (path.startsWith("/fonts/")) {
fontServlet.service(reqWrapper, res);
// Special case assets during development that are built by Bazel and not
// served out of the source tree.
//
// In the war case, these are either inlined, or live under
// /polygerrit_ui in the war file, so we can just treat them as normal
// assets.
if (paths.isDev()) {
if (path.startsWith("/bower_components/")) {
bowerComponentServlet.service(reqWrapper, res);
return;
} else if (path.startsWith("/fonts/")) {
fontServlet.service(reqWrapper, res);
return;
}
}
if (isPolyGerritIndex(path)) {
polyGerritIndex.service(reqWrapper, res);
return;
}
if (isPolyGerritAsset(path)) {
polygerritUI.service(reqWrapper, res);
return;
}
}
if (isPolyGerritIndex(path)) {
polyGerritIndex.service(reqWrapper, res);
return;
}
if (isPolyGerritAsset(path)) {
polygerritUI.service(reqWrapper, res);
return;
}
chain.doFilter(req, res);