Skip to content
  • Jacob Vosmaer 👋 @jacobvosmaer-gitlab ·
    Author Contributor

    I think what we should verify is:

    • method POST
    • resource /api/v4/internal/allowed
    • Content-Type: application/x-www-form-urlencoded
    • the actual form data

    Note that the form data is based on:

    • two lines of stdin in pre-receive format
    • environment variables: GL_REPOSITORY=project-28, GL_ID=key-1 GL_PROTOCOL=ssh
    • quarantine variables GIT_ALTERNATE_OBJECT_DIRECTORIES and GIT_OBJECT_DIRECTORY, plus _RELATIVE variants which are based on current working directory of the hook
    • contents of secret token file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment