author | Rémy Coutable <remy@gitlab.com> | 2016-09-19 16:04:04 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-09-19 16:56:29 +0300 |
commit | d14c8b16c6f8d38055a608ec325781f0ef657eb2 (patch) | |
tree | aa76db95f915caf96a34b9e36beb6bc2a2e66b69 /CHANGELOG | |
parent | a73c6c42a8257e07e0982a19b003f4c5852eaede (diff) |
Merge branch '18302-use-rails-cookie-in-api' into 'master'

Allow the Rails cookie to be used for API authentication

Makes the Rails cookie into a valid authentication token for the Grape
API, and uses it instead of token authentication in frontend code that
uses the API.

Rendering the private token into client-side javascript is a security
risk; it may be stolen through XSS or other attacks. In general,
re-using API code in the frontend is more desirable than implementing
endless actions that return JSON.

Closes #18302

See merge request !1995

Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index db99c37af4a..45ce2d2bdd6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ Please view this file on the master branch, on stable branches it's out of date. +v 8.9.10 + - Allow the Rails cookie to be used for API authentication. + v 8.9.9 - Exclude some pending or inactivated rows in Member scopes |
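Review bot: The new entry under "v 8.9.10" records a change to how the API authenticates callers but gives neither the reason nor the merge request reference, so someone reading the changelog for a patch release cannot tell this is security-relevant. Consider wording it along the lines of "Allow the Rails cookie to be used for API authentication, so the private token is no longer rendered into client-side JavaScript. !1995", which matches the rationale in the commit message. Because a session cookie is sent by the browser automatically, it would also help to state in the entry or the merge request how CSRF is handled for cookie-authenticated API requests; this view is limited to CHANGELOG, so that cannot be confirmed from the lines shown here.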