FEATURE: Allow oneboxing private GitHub URLs (#27705)

This commit adds the ability to onebox private GitHub commits, pull requests, issues, blobs, and actions using a new `github_onebox_access_token` site setting. The token must be set up in correctly to have access to the repos needed. To do this successfully with the Oneboxer, we need to skip redirects on the github.com host, otherwise we get a 404 on the URL before it is translated into a GitHub API URL and has the appropriate headers added.
2025-05-31 22:35:03 +08:00 · 2024-07-10 09:39:31 +10:00
parent 8c038d9498
commit 560e8aff75
17 changed files with 187 additions and 39 deletions
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@ -681,6 +681,14 @@ module Oneboxer

    uri = URI(url)

+    # For private GitHub repos, we get a 404 when trying to use
+    # FinalDestination to request the final URL because no auth headers
+    # are sent. In this case we can ignore redirects and go straight to
+    # using Onebox.preview
+    if SiteSetting.github_onebox_access_token.present? && uri.hostname == "github.com"
+      fd_options[:ignore_redirects] << "https://github.com"
+    end
+
    strategy = Oneboxer.ordered_strategies(uri.hostname).shift if strategy.blank?

    if strategy && Oneboxer.strategies[strategy][:force_get_host]