Skip to content
Snippets Groups Projects
Commit 727dff3f authored by Timothy Andrew's avatar Timothy Andrew
Browse files

Don't expose a user's private token in the `/api/v3/user` API. 

- This would allow anyone with a personal access token (even a read-only
  token, once scopes are implemented) to escalate their access by
  obtaining the private token.
parent 4d042afe
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment