Add CSRF token verification to API
In order to let our frontend part work properly with our API endpoints, we have to add an ability to send POST/PUT/PATCH requests without PRIVATE-TOKEN
header set.
As a variant, we can set X-CSRF-TOKEN
header in the frontend and then check it in the backend (API) like we do it in controllers' actions now.
Related issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/32046
Edited by blackst0ne