Add authentication to markdown API

What does this MR do and why?

Now require user to be logged into GitLab in order to use the Markdown REST API endpoint, https://docs.gitlab.com/ee/api/markdown.html

This can be turned off by disabling the operational feature flag, authenticate_markdown_api.

How to set up and validate locally

If you try against gitlab.com, the following should work and return HTML:

curl --header Content-Type:application/json --data '{"text":"Hello world!"}' "https://gitlab.com/api/v4/markdown"

Using your local instance, like this

curl --header Content-Type:application/json --data '{"text":"Hello world!"}' "http://localhost:3000/api/v4/markdown"

you should get {"message":"401 Unauthorized"} returned.

You can disable the feature flag by using Feature.disable(:authenticate_markdown_api, type: 'ops') in the Rails console.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #369369 (closed)

Edited by Brett Walker
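The validation steps above can be scripted so that both sides of the change are checked: an anonymous request must be rejected with 401, and a request carrying a token must still succeed. This is an added example, not part of the merge request; the function names and the GITLAB_URL, GITLAB_TOKEN and RUN_MARKDOWN_CHECK variables are assumptions, and the token is a personal access token sent in GitLab's PRIVATE-TOKEN header.

```shell
#!/bin/sh
# Added example (not from the MR). GITLAB_URL is an assumed variable name;
# the default is the local instance used in the description above.
GITLAB_URL="${GITLAB_URL:-http://localhost:3000}"

# Print only the HTTP status of a POST to the Markdown API.
# $1 (optional): personal access token, sent as PRIVATE-TOKEN.
markdown_status() {
  if [ -n "${1:-}" ]; then
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --header "Content-Type: application/json" \
      --header "PRIVATE-TOKEN: $1" \
      --data '{"text":"Hello world!"}' "$GITLAB_URL/api/v4/markdown"
  else
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --header "Content-Type: application/json" \
      --data '{"text":"Hello world!"}' "$GITLAB_URL/api/v4/markdown"
  fi
}

# Return 0 when anonymous access is rejected with 401 and, if a token is
# given as $1, the authenticated request is accepted with a 2xx status.
# Return 1 on a policy failure, 2 when the request itself could not be made.
check_markdown_auth() {
  anon=$(markdown_status) || { echo "ERROR: request failed" >&2; return 2; }
  if [ "$anon" != "401" ]; then
    echo "FAIL: anonymous request returned $anon, expected 401" >&2
    echo "      (is authenticate_markdown_api disabled?)" >&2
    return 1
  fi
  if [ -n "${1:-}" ]; then
    authed=$(markdown_status "$1") || { echo "ERROR: request failed" >&2; return 2; }
    case "$authed" in
      2??) ;;
      *) echo "FAIL: authenticated request returned $authed" >&2; return 1 ;;
    esac
  fi
  echo "OK: Markdown API requires authentication"
}

# Runs the check only when explicitly requested, so sourcing is side-effect free.
if [ "${RUN_MARKDOWN_CHECK:-0}" = 1 ]; then
  check_markdown_auth "${GITLAB_TOKEN:-}"
fi
```

Run it with RUN_MARKDOWN_CHECK=1 and GITLAB_TOKEN set; a non-zero exit with the feature flag enabled means the endpoint is still answering anonymous callers.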
