Make it harder to delete issuables accidentally
Previously submitting a DELETE request to an issuable (e.g. merge request, issue, etc.)
URL would be enough to destroy it, but this should require human confirmation. We
now require that the destroy_confirm
parameter is set to a truthy
value before this can complete.
In addition, we log a Sentry error if a deletion arrived without confirmation.
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/62387
EE port: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15794
Edited by Michael Kozono