A method to download images uploaded to a wiki
Problem to solve
After the "Improper Enforcement of Token Scope" fix in security release 11.5.1, it's no longer possible to access wiki images using just an authorization token. There's no API endpoint for downloading uploaded files.
Proposal
Since files are uploaded by posting to /projects/:id/wikis/attachments
, it seems logical to be able to retrieve them from /projects/:id/wikis/attachments/<path>
via GET. So if an image is accessible at https://gitlab.example.net/:owner/:project/wikis/uploads/6a061c4cf9f1c28cb22c384b4b8d4e3c/dk.png
through the web UI, it can be downloaded at https://gitlab.example.net/api/v4/projects/:id/wikis/attachments/uploads/6a061c4cf9f1c28cb22c384b4b8d4e3c/dk.png
.
Permissions and Security
Retrieval of files attached to a wiki page should require the same permissions as retrieval of the page itself.