Validate instance_id and gitlab_realm headers
What does this merge request do and why?
Validate instance_id and gitlab_realm headers
Checks content of these headers against JWT claims (where we already include this information too). The purpose is to verify that headers are not spoofed.
Related to https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/issues/433
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.
Edited by Jan Provaznik