Allow bot account to clone through http (#219551)

Review changes
Download
Patches
Plain diff

Philippe Vienne requested to merge smartfire-company/gitlab:fix/219551_project_token_http into master Aug 27, 2020

Overview 20
Commits 3
Pipelines 4
Changes 3

What does this MR do?

This is a try to fix #219551 (closed)

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Maybe adding spec test related to Project Access Token can be good.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

This MR requires a check about what it allows or deny user with a project access token to do.

Edited Sep 16, 2020 by Philippe Vienne

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading