Commit 46ea58a0 authored by Dylan Griffith's avatar Dylan Griffith

Merge branch 'add-retry-after-header-rackattack' into 'master'

Set Retry-After header when RackAttack throttling

See merge request gitlab-org/gitlab!48310
parents 5d8150fe 6a5182b7
---
title: Set Retry-After header when RackAttack throttling
merge_request: 48310
author:
type: fixed
...@@ -11,6 +11,7 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do ...@@ -11,6 +11,7 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do
stub_const("Rack::Attack", fake_rack_attack) stub_const("Rack::Attack", fake_rack_attack)
stub_const("Rack::Attack::Request", fake_rack_attack_request) stub_const("Rack::Attack::Request", fake_rack_attack_request)
expect(fake_rack_attack).to receive(:throttled_response_retry_after_header=).with(true)
allow(fake_rack_attack).to receive(:throttle) allow(fake_rack_attack).to receive(:throttle)
allow(fake_rack_attack).to receive(:track) allow(fake_rack_attack).to receive(:track)
allow(fake_rack_attack).to receive(:safelist) allow(fake_rack_attack).to receive(:safelist)
......
...@@ -7,6 +7,8 @@ module Gitlab ...@@ -7,6 +7,8 @@ module Gitlab
def self.configure(rack_attack) def self.configure(rack_attack)
# This adds some methods used by our throttles to the `Rack::Request` # This adds some methods used by our throttles to the `Rack::Request`
rack_attack::Request.include(Gitlab::RackAttack::Request) rack_attack::Request.include(Gitlab::RackAttack::Request)
# Send the Retry-After header so clients (e.g. python-gitlab) can make good choices about delays
Rack::Attack.throttled_response_retry_after_header = true
# Configure the throttles # Configure the throttles
configure_throttles(rack_attack) configure_throttles(rack_attack)
end end
......
...@@ -22,6 +22,8 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do ...@@ -22,6 +22,8 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do
stub_const("Rack::Attack", fake_rack_attack) stub_const("Rack::Attack", fake_rack_attack)
stub_const("Rack::Attack::Request", fake_rack_attack_request) stub_const("Rack::Attack::Request", fake_rack_attack_request)
# Expect rather than just allow, because this is actually fairly important functionality
expect(fake_rack_attack).to receive(:throttled_response_retry_after_header=).with(true)
allow(fake_rack_attack).to receive(:throttle) allow(fake_rack_attack).to receive(:throttle)
allow(fake_rack_attack).to receive(:track) allow(fake_rack_attack).to receive(:track)
allow(fake_rack_attack).to receive(:safelist) allow(fake_rack_attack).to receive(:safelist)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment