A method to download images uploaded to a wiki

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

After the "Improper Enforcement of Token Scope" fix in security release 11.5.1, it's no longer possible to access wiki images using just an authorization token. There's no API endpoint for downloading uploaded files.

Proposal

Since files are uploaded by posting to /projects/:id/wikis/attachments, it seems logical to be able to retrieve them from /projects/:id/wikis/attachments/<path> via GET. So if an image is accessible at https://gitlab.example.net/:owner/:project/wikis/uploads/6a061c4cf9f1c28cb22c384b4b8d4e3c/dk.png through the web UI, it can be downloaded at https://gitlab.example.net/api/v4/projects/:id/wikis/attachments/uploads/6a061c4cf9f1c28cb22c384b4b8d4e3c/dk.png.

Permissions and Security

Retrieval of files attached to a wiki page should require the same permissions as retrieval of the page itself.