diff options
Diffstat (limited to 'lib/gitlab/auth/auth_finders.rb')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index 416e36c7ccb..0796f23fbfe 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -89,9 +89,11 @@ module Gitlab job.user end - # We only allow Private Access Tokens with `api` scope to be used by web + # We allow Private Access Tokens with `api` scope to be used by web # requests on RSS feeds or ICS files for backwards compatibility. # It is also used by GraphQL/API requests. + # And to allow accessing /archive programatically as it was a big pain point + # for users https://gitlab.com/gitlab-org/gitlab/-/issues/28978. def find_user_from_web_access_token(request_format, scopes: [:api]) return unless access_token && valid_web_access_format?(request_format) @@ -269,6 +271,8 @@ module Gitlab ics_request? when :api api_request? + when :archive + archive_request? if Feature.enabled?(:allow_archive_as_web_access_format, default_enabled: :yaml) end end |