Add authentication to markdown API
What does this MR do and why?
Now require user to be logged into GitLab in order to use the Markdown REST API endpoint, https://docs.gitlab.com/ee/api/markdown.html
This can be turned off by disabling the operational feature flag, authenticate_markdown_api
How to set up and validate locally
If you try against gitlab.com, the following should work and return HTML:
curl --header Content-Type:application/json --data '{"text":"Hello world!"}' "https://gitlab.com/api/v4/markdown"
Using your local instance, like this
curl --header Content-Type:application/json --data '{"text":"Hello world!"}' "http://localhost:3000/api/v4/markdown"
you should get {"message":"401 Unauthorized"}
returned.
You can disable the feature flag by using Feature.disable(:authenticate_markdown_api, type: 'ops')
in the Rails console
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #369369 (closed)
Edited by Brett Walker