Support download access by PRIVATE-TOKEN header (!2522) · Merge requests · GitLab.org / GitLab FOSS

Stan Hu requested to merge stanhu/gitlab-ce:support-token-retrieval-by-headers into master Jan 20, 2016

Currently there is no way to download a raw file without embedding the token in the URL, which exposes the token in the URL and exposes a security issue. There should be an way of sending this information via the header as the API does.

Closes https://github.com/gitlabhq/gitlabhq/issues/8137

Support download access by PRIVATE-TOKEN header

Merge request reports