diff options
| author | Rémy Coutable <remy@gitlab.com> | 2016-09-19 13:04:04 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@gitlab.com> | 2016-09-19 13:04:04 +0000 |
| commit | ba7c36852528822daeb3b40e9519251c80ef120f (patch) | |
| tree | 09ab887b8630e235b9c56303ceb4828d386312f0 /doc/gitlab-basics/add-merge-request.md | |
| parent | 187dd50f881ffced6484ba1b7ffd419b92cda151 (diff) | |
| parent | 5d1b616eba6040a9a51fee057c2edc24a5be9832 (diff) | |
| download | gitlab-ce-ba7c36852528822daeb3b40e9519251c80ef120f.tar.gz | |
Merge branch '18302-use-rails-cookie-in-api' into 'master'
Allow the Rails cookie to be used for API authentication
Makes the Rails cookie into a valid authentication token for the Grape
API, and uses it instead of token authentication in frontend code that
uses the API.
Rendering the private token into client-side javascript is a security
risk; it may be stolen through XSS or other attacks. In general,
re-using API code in the frontend is more desirable than implementing
endless actions that return JSON.
Closes #18302
See merge request !1995
Diffstat (limited to 'doc/gitlab-basics/add-merge-request.md')
0 files changed, 0 insertions, 0 deletions