Send Authorization header beside of X-Gitlab-Token for webhooks
What does this MR do and why?
Send Authorization header beside of X-Gitlab-Token for webhooks
Nowadays the Secret Token defined e.g., within System Hook is sent as X-GitLab-Token. However,to use this custom processing becomes required on receiver side as typically the Authorization header is used. This change just adds the Authorization header with the same content as the X-GitLab-Token to simplify the work on the receiver end.
Related #17290 (closed)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Set up a webhook receiver, e.g. https://buz.dev/
git clone https://github.com/silverton-io/buz
cd buz
make run
- Enable a System Hook without Secret token pointing to http://localhost:8080/webhook
- Add a user to a project
- Check you received some info
- Set Secret token to
Basic YnV6OmJ1enp6enp6eg==
within System Hook settings and enable auth within buzconfig.yml
, see https://github.com/silverton-io/buz/blob/main/examples/devel/buz/simple.conf.yml#L41 - Receiving systemhook works
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.