Fix the X-Gitlab-Token always being displaying in webhook logs

Luke Duncalferequested to merge
ld-fix-X-GitLab-Token-always-present-in-request_headers into master

What does this MR do and why?

Previously we would always display webhook logs with the X-Gitlab-Token request header.

This change fixes our redaction to only amend the existing header rather than add it.

Screen captures

master This branch
image image

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a project webhook that has no Secret Token.
  2. Test the hook to create a new webhook log
  3. View the web hook recent events in the UI.

On master the request will have a X-Gitlab-Token header. On this branch, it won't.

Add a secret token to the project hook and re-test. View that event. It will have a X-Gitlab-Token header.

Edited by Luke Duncalfe

Merge request reports