[go: up one dir, main page]

Web IDE WebSocket 404 errors due to CDN Origin not in allowed origins

Summary

WebSocket connections in the Web IDE fail with 404 errors due to mismatched Origin headers from the Web IDE CDN (*.cdn.web-ide.gitlab-static.net).

This is related to the ActionCable allowed origins configuration introduced to fix websocket issues in Geo environments, see #579074 (comment 2922948141)

I am unsure if WebSockets are used in the Web IDE - if they are then we should address this.

Steps to reproduce

  1. Navigate to any project and open the Web IDE
  2. Open browser Developer Tools and check the Network tab
  3. Observe WebSocket connection attempts to /-/cable

Example Project

This can be reproduced on any GitLab project when using the Web IDE.

What is the current bug behavior?

WebSocket connections from the Web IDE fail with 404 errors. The logs show:

{"backend_id":"rails","content_type":"text/plain; charset=utf-8","correlation_id":"01KBBXH5DM6ZTH553VDHC3BATN","duration_ms":26,"host":"unified.example.com","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","read_bytes":1340,"referrer":"","remote_addr":"x.x.x.x:0","remote_ip":"x.x.x.x","route":"^/-/cable\\z","route_id":"action_cable","status":404,"system":"http","time":"2025-12-01T02:58:06Z","ttfb_ms":26,"uri":"/-/cable","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36","written_bytes":14}

Also see https://log.gprd.gitlab.net/app/r/s/sDdTA, although I cannot confirm if all of these requests are related to the Web IDE.

The Web IDE sends requests with an Origin header from *.cdn.web-ide.gitlab-static.net, which is not included in the ActionCable allowed origins configuration.

What is the expected correct behavior?

WebSocket connections from the Web IDE should succeed.

Relevant logs and/or screenshots

Screenshot 2025-12-02 at 11.44.01 AM.png

Workhorse logs showing 404 responses for /-/cable requests from the Web IDE.

Output of checks

This bug happens on GitLab.com and self-managed

Possible fixes

The Web IDE uses a CDN with origins like *.cdn.web-ide.gitlab-static.net.

Do we need to allow this origin in config/initializers/action_cable.rb#L10?

Related to #579074 and !212819 (closed).

Edited by 🤖 GitLab Bot 🤖