diff options
author | Rémy Coutable <remy@rymai.me> | 2016-08-08 10:10:02 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-08-08 10:10:02 +0000 |
commit | af9127e0491a284fae82d347ae311b0710e63fff (patch) | |
tree | 8435f3e984295c697f6c9d13d42c68569fbaf315 | |
parent | 0ead7c9142c1058d3930463c623b242bba815c80 (diff) | |
parent | 27d87d798b0629671d735eb42ae59d8a83253515 (diff) | |
download | gitlab-ce-af9127e0491a284fae82d347ae311b0710e63fff.tar.gz |
Merge branch '18256-secret-token-docs' into 'master'
Document that webhook secret token is sent in X-Gitlab-Token HTTP header
## What does this MR do?
Note that the secret token is sent in the X-Gitlab-Token header on the webhook documentation page, as well as directly below the secret token field on the webhook settings form.
## Are there points in the code the reviewer needs to double check?
No.
## Why was this MR needed?
It took me a while to figure out how to verify the token in my hook endpoint. Issue #18256 is where I found how to do it.
## What are the relevant issue numbers?
#18256
## Screenshots (if relevant)
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
Closes #18256
See merge request !5664
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/views/shared/web_hooks/_form.html.haml | 2 | ||||
-rw-r--r-- | doc/web_hooks/web_hooks.md | 4 |
3 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 48235e2c1f7..ae8b1f98950 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -39,6 +39,7 @@ v 8.11.0 (unreleased) - Include old revision in merge request update hooks (Ben Boeckel) - Add build event color in HipChat messages (David Eisner) - Make fork counter always clickable. !5463 (winniehell) + - Document that webhook secret token is sent in X-Gitlab-Token HTTP header !5664 (lycoperdon) - Gitlab::Highlight is now instrumented - All created issues, API or WebUI, can be submitted to Akismet for spam check !5333 - The overhead of instrumented method calls has been reduced diff --git a/app/views/shared/web_hooks/_form.html.haml b/app/views/shared/web_hooks/_form.html.haml index 2585ed9360b..470dac6d75b 100644 --- a/app/views/shared/web_hooks/_form.html.haml +++ b/app/views/shared/web_hooks/_form.html.haml @@ -19,7 +19,7 @@ = f.label :token, "Secret Token", class: 'label-light' = f.text_field :token, class: "form-control", placeholder: '' %p.help-block - Use this token to validate received payloads + Use this token to validate received payloads. It will be sent with the request in the X-Gitlab-Token HTTP header. .form-group = f.label :url, "Trigger", class: 'label-light' %ul.list-unstyled diff --git a/doc/web_hooks/web_hooks.md b/doc/web_hooks/web_hooks.md index 8559b67af04..d4b28d875cd 100644 --- a/doc/web_hooks/web_hooks.md +++ b/doc/web_hooks/web_hooks.md @@ -26,6 +26,10 @@ GitLab webhooks keep in mind the following things: you are writing a low-level hook this is important to remember. - GitLab ignores the HTTP status code returned by your endpoint. +## Secret Token + +If you specify a secret token, it will be sent with the hook request in the `X-Gitlab-Token` HTTP header. Your webhook endpoint can check that to verify that the request is legitimate. + ## SSL Verification By default, the SSL certificate of the webhook endpoint is verified based on |