Merge branch '18302-use-rails-cookie-in-api' into 'master'

Allow the Rails cookie to be used for API authentication Makes the Rails cookie into a valid authentication token for the Grape API, and uses it instead of token authentication in frontend code that uses the API. Rendering the private token into client-side javascript is a security risk; it may be stolen through XSS or other attacks. In general, re-using API code in the frontend is more desirable than implementing endless actions that return JSON. Closes #18302 See merge request !1995 Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@gitlab.com> 2016-09-19 16:04:04 +0300
committer: Rémy Coutable <remy@rymai.me> 2016-09-19 16:56:29 +0300
commit: d14c8b16c6f8d38055a608ec325781f0ef657eb2 (patch)
tree: aa76db95f915caf96a34b9e36beb6bc2a2e66b69 /CHANGELOG
parent: a73c6c42a8257e07e0982a19b003f4c5852eaede (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index db99c37af4a..45ce2d2bdd6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.9.10
+  - Allow the Rails cookie to be used for API authentication.
+
 v 8.9.9
   - Exclude some pending or inactivated rows in Member scopes
author	Rémy Coutable <remy@gitlab.com>	2016-09-19 16:04:04 +0300
committer	Rémy Coutable <remy@rymai.me>	2016-09-19 16:56:29 +0300
commit	d14c8b16c6f8d38055a608ec325781f0ef657eb2 (patch)
tree	aa76db95f915caf96a34b9e36beb6bc2a2e66b69 /CHANGELOG
parent	a73c6c42a8257e07e0982a19b003f4c5852eaede (diff)