Validate instance_id and gitlab_realm headers (!775) · Merge requests · GitLab.org / ModelOps / AI Assisted (formerly Applied ML) / Code Suggestions / AI Gateway

Jan Provaznik requested to merge jp-header-check into main Apr 30, 2024

What does this merge request do and why?

Validate instance_id and gitlab_realm headers

Checks content of these headers against JWT claims (where we already include this information too). The purpose is to verify that headers are not spoofed.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Merge request checklist

Tests added for new functionality. If not, please raise an issue to follow up.
Documentation added/updated, if needed.

Edited May 07, 2024 by Jan Provaznik

Validate instance_id and gitlab_realm headers

What does this merge request do and why?

How to set up and validate locally

Merge request checklist

Merge request reports