diff options
| author | Steve Halasz <stevehalasz@gmail.com> | 2016-08-03 23:11:35 -0400 |
|---|---|---|
| committer | Steve Halasz <stevehalasz@gmail.com> | 2016-08-03 23:22:23 -0400 |
| commit | 7612f1c4c6df200778f32098fbccf654a858894d (patch) | |
| tree | 1da54750b3a1e52e9f122a3d409d2ac63b050218 | |
| parent | 532202a5278a622de874b9dfc1c4f7fe9ddf5ce4 (diff) | |
| download | gitlab-ce-7612f1c4c6df200778f32098fbccf654a858894d.tar.gz | |
Document that webhook secret token is sent in X-Gitlab-Token HTTP header
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/views/shared/web_hooks/_form.html.haml | 2 | ||||
| -rw-r--r-- | doc/web_hooks/web_hooks.md | 4 |
3 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 73812e16d6f..4871a5ad0d0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -59,6 +59,7 @@ v 8.11.0 (unreleased) - Fix RequestProfiler::Middleware error when code is reloaded in development - Catch what warden might throw when profiling requests to re-throw it - Speed up and reduce memory usage of Commit#repo_changes, Repository#expire_avatar_cache and IrkerWorker + - Document that webhook secret token is sent in X-Gitlab-Token HTTP header v 8.10.3 - Fix Import/Export issue importing milestones and labels not associated properly. !5426 diff --git a/app/views/shared/web_hooks/_form.html.haml b/app/views/shared/web_hooks/_form.html.haml index 2585ed9360b..470dac6d75b 100644 --- a/app/views/shared/web_hooks/_form.html.haml +++ b/app/views/shared/web_hooks/_form.html.haml @@ -19,7 +19,7 @@ = f.label :token, "Secret Token", class: 'label-light' = f.text_field :token, class: "form-control", placeholder: '' %p.help-block - Use this token to validate received payloads + Use this token to validate received payloads. It will be sent with the request in the X-Gitlab-Token HTTP header. .form-group = f.label :url, "Trigger", class: 'label-light' %ul.list-unstyled diff --git a/doc/web_hooks/web_hooks.md b/doc/web_hooks/web_hooks.md index 8559b67af04..d4b28d875cd 100644 --- a/doc/web_hooks/web_hooks.md +++ b/doc/web_hooks/web_hooks.md @@ -26,6 +26,10 @@ GitLab webhooks keep in mind the following things: you are writing a low-level hook this is important to remember. - GitLab ignores the HTTP status code returned by your endpoint. +## Secret Token + +If you specify a secret token, it will be sent with the hook request in the `X-Gitlab-Token` HTTP header. Your webhook endpoint can check that to verify that the request is legitimate. + ## SSL Verification By default, the SSL certificate of the webhook endpoint is verified based on |