Skip to content

Send Authorization header beside of X-Gitlab-Token for webhooks

Roger Meier requested to merge gitlab-community/gitlab:feat/webhooks-send-Authorization-beside-of-X-Gitlab-Token into master

What does this MR do and why?

Send Authorization header beside of X-Gitlab-Token for webhooks

Nowadays the Secret Token defined e.g., within System Hook is sent as X-GitLab-Token. However,to use this custom processing becomes required on receiver side as typically the Authorization header is used. This change just adds the Authorization header with the same content as the X-GitLab-Token to simplify the work on the receiver end.

Related #17290 (closed)

🛠 with at Siemens

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Set up a webhook receiver, e.g. https://buz.dev/
    • git clone https://github.com/silverton-io/buz
    • cd buz
    • make run
  2. Enable a System Hook without Secret token pointing to http://localhost:8080/webhook
  3. Add a user to a project
  4. Check you received some info
  5. Set Secret token to Basic YnV6OmJ1enp6enp6eg== within System Hook settings and enable auth within buz config.yml, see https://github.com/silverton-io/buz/blob/main/examples/devel/buz/simple.conf.yml#L41
  6. Receiving systemhook works

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Roger Meier

Merge request reports