Security and safety improvements for gitlab-workhorse integration
Companion to gitlab-workhorse!60 (merged)
- Use a custom content type when sending data to gitlab-workhorse
- Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse
This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future.
This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret.