API safeties

Jacob Vosmaer (GitLab) requested to merge api-response-content-type into master

Increase security and sanity checks to allow for new features.

  • ability to exchange signed information with gitlab-rails via a shared secret
  • content-type checks to prevent leaking internal API data

Signed messages are implemented using JWT. To make this possible we vendor the jwt-go library.

Companion MR in gitlab-rails: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5907
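
The two checks described above, combined into one gate, as an added example that is not code from this merge request or from either project. It uses only the Go standard library instead of the vendored jwt-go, and the media type, secret and function names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"mime"
	"strings"
)

// Hypothetical media type and constructed demo secret (assumptions, not from the MR).
const internalType = "application/vnd.example-internal+json"
var b64 = base64.RawURLEncoding
var demoSecret = []byte("constructed-shared-secret")

// mac returns the base64url HMAC-SHA256 tag over a JWT signing input.
func mac(input string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// sign stands in for the sending side: a compact HS256 JWT over claimsJSON.
func sign(claimsJSON string, secret []byte) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	return msg + "." + mac(msg, secret)
}

// acceptInternal returns the claims only for the internal media type plus a token
// whose MAC verifies and whose header pins HS256; exp and similar are not evaluated.
func acceptInternal(contentType, token string, secret []byte) (string, error) {
	if mt, _, err := mime.ParseMediaType(contentType); err != nil || mt != internalType {
		return "", fmt.Errorf("refusing content type %q", contentType)
	}
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1], secret))) {
		return "", fmt.Errorf("bad signature")
	}
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("unexpected algorithm")
	}
	claims, err := b64.DecodeString(p[1])
	return string(claims), err
}

func main() { fmt.Println(acceptInternal(internalType, sign(`{"iss":"rails"}`, demoSecret), demoSecret)) }
```

The signature is compared in constant time before the header is parsed, and the algorithm is fixed by the verifier rather than taken from the token.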
