API safeties (!60) · Merge requests · GitLab.org / gitlab-workhorse · GitLab

This is an archived project. Repository and other project resources are read-only.

Jacob Vosmaer requested to merge api-response-content-type into master Aug 19, 2016

Increase security and sanity checks to allow for new features.

ability to exchange signed information with gitlab-rails via a shared secret
content-type checks to prevent leaking internal API data

Signed messages are implemented using JWT. To make this possible we vendor the jwt-go library.

Companion MR in gitlab-rails: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5907