Ability to disable public access to /search endpoint
Release notes
Problem to solve
/search endpoint is publicly reachable and is non-configurable, which causes concern for leakage.
block_anonymous_global_searches can be used to block access but can still be bypassed using project_id and/or group_id
Proposal
Have an admin configurable option to disable public access to the /search endpoint without authentication, similar to the Gitlab UI search permission requirement
Intended users
- Security teams
- CISO
- Admin Teams
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.